Medium severity6.5NVD Advisory· Published Sep 25, 2016· Updated Jun 17, 2026
CVE-2016-4708
CVE-2016-4708
Description
CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7- Range: <10
- Range: <10
- Range: <10.12
Patches
Vulnerability mechanics
References
10- lists.apple.com/archives/security-announce/2016/Sep/msg00006.htmlnvdMailing ListVendor Advisory
- lists.apple.com/archives/security-announce/2016/Sep/msg00008.htmlnvdMailing ListVendor Advisory
- lists.apple.com/archives/security-announce/2016/Sep/msg00010.htmlnvdMailing ListVendor Advisory
- lists.apple.com/archives/security-announce/2016/Sep/msg00011.htmlnvdMailing ListVendor Advisory
- www.securityfocus.com/bid/93054nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1036858nvdThird Party AdvisoryVDB Entry
- support.apple.com/HT207141nvdVendor Advisory
- support.apple.com/HT207142nvdVendor Advisory
- support.apple.com/HT207143nvdVendor Advisory
- support.apple.com/HT207170nvdVendor Advisory
News mentions
0No linked articles in our index yet.