CVE-2014-4363

MEDIUM

Description

Safari in Apple iOS before 8 does not properly restrict the autofilling of passwords in forms, which allows remote attackers to obtain sensitive information via (1) an http web site, (2) an https web site with an unacceptable X.509 certificate, or (3) an IFRAME element.

References

http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html

http://secunia.com/advisories/61306

http://support.apple.com/kb/HT6440

http://support.apple.com/kb/HT6441

http://www.securityfocus.com/bid/69882

http://www.securityfocus.com/bid/69909

http://www.securitytracker.com/id/1030866

https://exchange.xforce.ibmcloud.com/vulnerabilities/96075

Details

Source: MITRE

Published: 2014-09-18

Updated: 2019-07-16

Type: CWE-255

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM