CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors.
Base Score: 5.8
Impact Score: 4.9
Exploitability Score: 8.6
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions up to 10.11.0 (inclusive)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* versions up to 9.0.2 (inclusive)
View all (5 total)