CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2009-05-13 08:30
Updated : 2017-08-07 18:33
NVD link : CVE-2009-0144
Mitre link : CVE-2009-0144
JSON object : View
CWE
CWE-16
Configuration
Products Affected
apple
- mac_os_x
- mac_os_x_server