CVE-2014-4363
Severity Score
4.3
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element.
Safari en Apple iOS anterior a 8 no restringe debidamente el autocompletado de la contraseñas en formularios, lo que permite a atacantes remotos obtener información sensible a través de (1) un sitio web http, (2) un sitio web https con ceritificado X.509 inaceptable, o (3) elemento IFRAME.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-06-20 CVE Reserved
- 2014-09-17 CVE Published
- 2024-08-06 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-255: Credentials Management Errors
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/61306 | Third Party Advisory | |
| http://www.securityfocus.com/bid/69882 | Third Party Advisory | |
| http://www.securityfocus.com/bid/69909 | Third Party Advisory | |
| http://www.securitytracker.com/id/1030866 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/96075 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html | 2019-07-16 | |
| http://support.apple.com/kb/HT6440 | 2019-07-16 | |
| http://support.apple.com/kb/HT6441 | 2019-07-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | >= 7.0 <= 7.1.2 Search vendor "Apple" for product "Iphone Os" and version " >= 7.0 <= 7.1.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | >= 6.0 <= 6.1.5 Search vendor "Apple" for product "Safari" and version " >= 6.0 <= 6.1.5" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | >= 7.0 <= 7.0.5 Search vendor "Apple" for product "Safari" and version " >= 7.0 <= 7.0.5" | - |
Affected
| ||||||