CVE-2014-4363

Loading...

General

Score:5.0/10.0
Severity:Medium
Category:Access Management Error

Impact Metrics

Confidentiality:Partial
Integrity:None
Availability:None

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Relative vulnerabilities

CVE-2011-2391, CVE-2013-5227, CVE-2013-6663, CVE-2013-6835, CVE-2014-1348, CVE-2014-1360, CVE-2014-1384, CVE-2014-1385, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-4352, CVE-2014-4353, CVE-2014-4354, CVE-2014-4356, CVE-2014-4357, CVE-2014-4361, CVE-2014-4362, CVE-2014-4364, CVE-2014-4366, CVE-2014-4367, CVE-2014-4368, CVE-2014-4369, CVE-2014-4371, CVE-2014-4372, CVE-2014-4373, CVE-2014-4374, CVE-2014-4375, CVE-2014-4377, CVE-2014-4378, CVE-2014-4379, CVE-2014-4380, CVE-2014-4381, CVE-2014-4383, CVE-2014-4384, CVE-2014-4386, CVE-2014-4388, CVE-2014-4389, CVE-2014-4404, CVE-2014-4405, CVE-2014-4407, CVE-2014-4408, CVE-2014-4409, CVE-2014-4410, CVE-2014-4411, CVE-2014-4412, CVE-2014-4413, CVE-2014-4414, CVE-2014-4415, CVE-2014-4418, CVE-2014-4419, CVE-2014-4420, CVE-2014-4421, CVE-2014-4422, CVE-2014-4423

Published on 18/09/14 - Updated on 29/08/17

Description

Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element.

Category: Access Management Error

CWE-255 (Credentials Management)
Weaknesses in this category are related to the management of credentials.

Security Notices

US National Vulnerability DatabaseCVE-2014-4363
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2014-AVI-393
Renater 2014/VULN193, 2014/VULN196

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
appleiphone_os
applesafari

Share this vulnerability with:

Twitter Facebook LinkedIn Mail