CVE-2016-4708
CVE-2016-4708
CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 misparses the Set-Cookie header, which allows remote attackers to obtain sensitive information via a crafted HTTP response.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00008.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00010.htmlhttp://lists.apple.com/archives/security-announce/2016/Sep/msg00011.htmlhttps://support.apple.com/HT207141https://support.apple.com/HT207142https://support.apple.com/HT207143https://support.apple.com/HT207170http://www.securityfocus.com/bid/93054http://www.securitytracker.com/id/1036858