CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL.
Base Score: 2.6
Impact Score: 2.9
Exploitability Score: 4.9
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* versions up to 9.1 (inclusive)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions up to 10.11.1 (inclusive)
View all (5 total)