The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted web site.
References
Link | Resource |
---|---|
http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html | Vendor Advisory |
http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html | Vendor Advisory |
http://www.securityfocus.com/archive/1/537948/100/0/threaded | |
http://www.securitytracker.com/id/1035353 | |
https://support.apple.com/HT206166 | Vendor Advisory |
https://support.apple.com/HT206171 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apple
Published: 2016-03-24T01:00:00
Updated: 2018-10-09T18:57:01
Reserved: 2016-01-13T00:00:00
Link: CVE-2016-1786
JSON object: View
NVD Information
Status : Modified
Published: 2016-03-24T01:59:53.330
Modified: 2018-10-09T19:59:23.973
Link: CVE-2016-1786
JSON object: View
Redhat Information
No data.
CWE