The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted web site.
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: apple

Published: 2016-03-24T01:00:00

Updated: 2018-10-09T18:57:01

Reserved: 2016-01-13T00:00:00


Link: CVE-2016-1786

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2016-03-24T01:59:53.330

Modified: 2018-10-09T19:59:23.973


Link: CVE-2016-1786

JSON object: View

cve-icon Redhat Information

No data.

CWE