CVE-2014-4363

medium

Description

Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/96075

http://www.securitytracker.com/id/1030866

http://www.securityfocus.com/bid/69909

http://www.securityfocus.com/bid/69882

http://support.apple.com/kb/HT6441

http://support.apple.com/kb/HT6440

http://secunia.com/advisories/61306

http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html

Details

Source: Mitre, NVD

Published: 2014-09-18

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Severity: Medium