cvelistv5 - cve-2014-1295

CVE-2014-1295 (GCVE-0-2014-1295)

Vulnerability from cvelistv5 – Published: 2014-04-23 10:00 – Updated: 2024-08-06 09:34

Summary

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

Tags

	http://archives.neohapsis.com/archives/bugtraq/20…	vendor-advisoryx_refsource_APPLE
	http://archives.neohapsis.com/archives/bugtraq/20…	vendor-advisoryx_refsource_APPLE
	http://archives.neohapsis.com/archives/bugtraq/20…	vendor-advisoryx_refsource_APPLE
	https://secure-resumption.com/	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:34:41.267Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "APPLE-SA-2014-04-22-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"
          },
          {
            "name": "APPLE-SA-2014-04-22-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html"
          },
          {
            "name": "APPLE-SA-2014-04-22-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://secure-resumption.com/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-04-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server\u0027s X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a \"triple handshake attack.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-04-23T01:57:00",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "name": "APPLE-SA-2014-04-22-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"
        },
        {
          "name": "APPLE-SA-2014-04-22-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html"
        },
        {
          "name": "APPLE-SA-2014-04-22-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://secure-resumption.com/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2014-1295",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server\u0027s X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a \"triple handshake attack.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2014-04-22-1",
              "refsource": "APPLE",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"
            },
            {
              "name": "APPLE-SA-2014-04-22-2",
              "refsource": "APPLE",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html"
            },
            {
              "name": "APPLE-SA-2014-04-22-3",
              "refsource": "APPLE",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html"
            },
            {
              "name": "https://secure-resumption.com/",
              "refsource": "MISC",
              "url": "https://secure-resumption.com/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2014-1295",
    "datePublished": "2014-04-23T10:00:00",
    "dateReserved": "2014-01-08T00:00:00",
    "dateUpdated": "2024-08-06T09:34:41.267Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.1\", \"matchCriteriaId\": \"416E8374-1E96-4F30-8270-CC71EBD96257\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07A11433-B725-4BD6-B998-4B3637F061EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4FD62141-07B1-4E3D-80BC-25D519F90DBD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9737BD4-B4F4-4291-A1E9-B692ECBC657E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6160869-944D-4E34-BB81-6A1259D692B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"090CAC3C-4B20-46E5-A8C7-950B7E1DB5E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E96F77DD-0962-4E55-97A2-9BC2FE01D8A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BD9ACBF-34A4-4181-A6E0-78ABD4FC9ACB\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A48A5310-A589-4E9B-99BC-F840CC1A6A44\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F241EBFB-CCB3-4D16-B476-AC1578D3C435\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7AEAD650-87D1-49BB-A8C7-BA39FD47285C\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.1\", \"matchCriteriaId\": \"FF977CDC-9F9B-4F56-A488-061A67981716\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:tvos:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5365205F-B91D-4123-8CFD-EA42E0DEA944\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:tvos:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8C7F676-5ACC-4330-9591-465CA8AF77AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:tvos:6.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5314D7F-8352-41F5-A155-5E5392C58ABF\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2082D62-3821-4DBA-8690-67489F44C38D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F0DB1BC-DC16-423E-B0C7-8E9C996A50B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E59315BA-B9F1-46A5-86E7-8BE2ED97BA4F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.8.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55841123-F78F-42E0-8D40-C688C4B4D29C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"252640D3-5CB8-4C3D-9E8B-ED452293C805\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F3D30B4B-DA63-40B0-B0C9-F3992CF25706\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.8.5:supplemental_update:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F1DAD30-BA77-40C2-9245-05DF871FDDC0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server\u0027s X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a \\\"triple handshake attack.\\\"\"}, {\"lang\": \"es\", \"value\": \"Secure Transport en Apple iOS anterior a 7.1.1, Apple OS X 10.8.x y 10.9.x hasta 10.9.2 y Apple TV anterior a 6.1.1 no asegura que el certificado X.509 de un servidor es el mismo durante renegaciaci\\u00f3n que era antes de renegociaci\\u00f3n, lo que permite a atacantes man-in-the-middle obtener informaci\\u00f3n sensible o modificar datos de sesi\\u00f3n TLS a trav\\u00e9s de un \\\"ataque de negociaci\\u00f3n triple.\\\"\"}]",
      "id": "CVE-2014-1295",
      "lastModified": "2024-11-21T02:04:00.717",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-04-23T11:52:59.383",
      "references": "[{\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://secure-resumption.com/\", \"source\": \"product-security@apple.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://secure-resumption.com/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-1295\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2014-04-23T11:52:59.383\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server\u0027s X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a \\\"triple handshake attack.\\\"\"},{\"lang\":\"es\",\"value\":\"Secure Transport en Apple iOS anterior a 7.1.1, Apple OS X 10.8.x y 10.9.x hasta 10.9.2 y Apple TV anterior a 6.1.1 no asegura que el certificado X.509 de un servidor es el mismo durante renegaciaci\u00f3n que era antes de renegociaci\u00f3n, lo que permite a atacantes man-in-the-middle obtener informaci\u00f3n sensible o modificar datos de sesi\u00f3n TLS a trav\u00e9s de un \\\"ataque de negociaci\u00f3n triple.\\\"\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.1\",\"matchCriteriaId\":\"416E8374-1E96-4F30-8270-CC71EBD96257\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07A11433-B725-4BD6-B998-4B3637F061EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FD62141-07B1-4E3D-80BC-25D519F90DBD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9737BD4-B4F4-4291-A1E9-B692ECBC657E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6160869-944D-4E34-BB81-6A1259D692B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"090CAC3C-4B20-46E5-A8C7-950B7E1DB5E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E96F77DD-0962-4E55-97A2-9BC2FE01D8A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BD9ACBF-34A4-4181-A6E0-78ABD4FC9ACB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A48A5310-A589-4E9B-99BC-F840CC1A6A44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F241EBFB-CCB3-4D16-B476-AC1578D3C435\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AEAD650-87D1-49BB-A8C7-BA39FD47285C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.1\",\"matchCriteriaId\":\"FF977CDC-9F9B-4F56-A488-061A67981716\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5365205F-B91D-4123-8CFD-EA42E0DEA944\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8C7F676-5ACC-4330-9591-465CA8AF77AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5314D7F-8352-41F5-A155-5E5392C58ABF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2082D62-3821-4DBA-8690-67489F44C38D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F0DB1BC-DC16-423E-B0C7-8E9C996A50B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E59315BA-B9F1-46A5-86E7-8BE2ED97BA4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55841123-F78F-42E0-8D40-C688C4B4D29C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"252640D3-5CB8-4C3D-9E8B-ED452293C805\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3D30B4B-DA63-40B0-B0C9-F3992CF25706\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.8.5:supplemental_update:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F1DAD30-BA77-40C2-9245-05DF871FDDC0\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://secure-resumption.com/\",\"source\":\"product-security@apple.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://secure-resumption.com/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]}]}}"
  }
}

VAR-201404-0215

Vulnerability from variot - Updated: 2023-12-18 11:09

Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack.". Multiple Apple products are prone to a security-bypass vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks or impersonate server certificate, which will aid in further attacks. Apple iOS, Apple TV and Apple OS X are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; Apple TV is a high-definition TV set-top box product; Apple OS X is a dedicated operating system developed for Mac computers. An attacker in a privileged network position can intercept data or alter the operations performed within the SSL-protected segment. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

APPLE-SA-2014-04-22-1 Security Update 2014-002

Security Update 2014-002 is now available and addresses the following:

CFNetwork HTTPProtocol Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2 Impact: An attacker in a privileged network position can obtain web site credentials Description: Set-Cookie HTTP headers would be processed even if the connection closed before the header line was complete. An attacker could strip security settings from the cookie by forcing the connection to close before the security settings were sent, and then obtain the value of the unprotected cookie. This issue was addressed by ignoring incomplete HTTP header lines. CVE-ID CVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris

CoreServicesUIAgent Available for: OS X Mavericks v10.9.2 Impact: Visiting a maliciously crafted website or URL may result in an unexpected application termination or arbitrary code execution Description: A format string issue existed in the handling of URLs. This issue was addressed through additional validation of URLs. This issue does not affect systems prior to OS X Mavericks. CVE-ID CVE-2014-1315 : Lukasz Pilorz of runic.pl, Erik Kooistra

FontParser Available for: OS X Mountain Lion v10.8.5 Impact: Opening a maliciously crafted PDF file may result in an unexpected application termination or arbitrary code execution Description: A buffer underflow existed in the handling of fonts in PDF files. This issue was addressed through additional bounds checking. This issue does not affect OS X Mavericks systems. CVE-ID CVE-2013-5170 : Will Dormann of CERT/CC

Heimdal Kerberos Available for: OS X Mavericks v10.9.2 Impact: A remote attacker may be able to cause a denial of service Description: A reachable abort existed in the handling of ASN.1 data. This issue was addressed through additional validation of ASN.1 data. CVE-ID CVE-2014-1316 : Joonas Kuorilehto of Codenomicon

ImageIO Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2 Impact: Viewing a maliciously crafted JPEG image may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow issue existed in ImageIO's handling of JPEG images. This issue was addressed through improved bounds checking. This issue does not affect systems prior to OS X Mavericks. CVE-ID CVE-2014-1319 : Cristian Draghici of Modulo Consulting, Karl Smith of NCC Group

Intel Graphics Driver Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2 Impact: A malicious application can take control of the system Description: A validation issue existed in the handling of a pointer from userspace. This issue was addressed through additional validation of pointers. CVE-ID CVE-2014-1318 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative

IOKit Kernel Available for: OS X Mavericks v10.9.2 Impact: A local user can read kernel pointers, which can be used to bypass kernel address space layout randomization Description: A set of kernel pointers stored in an IOKit object could be retrieved from userland. This issue was addressed through removing the pointers from the object. CVE-ID CVE-2014-1320 : Ian Beer of Google Project Zero working with HP's Zero Day Initiative

Kernel Available for: OS X Mavericks v10.9.2 Impact: A local user can read a kernel pointer, which can be used to bypass kernel address space layout randomization Description: A kernel pointer stored in a XNU object could be retrieved from userland. This issue was addressed through removing the pointer from the object. CVE-ID CVE-2014-1322 : Ian Beer of Google Project Zero

Power Management Available for: OS X Mavericks v10.9.2 Impact: The screen might not lock Description: If a key was pressed or the trackpad touched just after the lid was closed, the system might have tried to wake up while going to sleep, which would have caused the screen to be unlocked. This issue was addressed by ignoring keypresses while going to sleep. This issue does not affect systems prior to OS X Mavericks. CVE-ID CVE-2014-1321 : Paul Kleeberg of Stratis Health Bloomington MN, Julian Sincu at the Baden-Wuerttemberg Cooperative State University (DHBW Stuttgart), Gerben Wierda of R&A, Daniel Luz

Ruby Available for: OS X Mavericks v10.9.2 Impact: Running a Ruby script that handles untrusted YAML tags may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow issue existed in LibYAML's handling of YAML tags. This issue was addressed through additional validation of YAML tags. This issue does not affect systems prior to OS X Mavericks. CVE-ID CVE-2013-6393

Ruby Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2 Impact: Running a Ruby script that uses untrusted input to create a Float object may lead to an unexpected application termination or arbitrary code execution Description: A heap-based buffer overflow issue existed in Ruby when converting a string to a floating point value. This issue was addressed through additional validation of floating point values. To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection. This issue does not affect Mac OS X 10.7 systems and earlier. CVE-ID CVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and Alfredo Pironti of Prosecco at Inria Paris

WindowServer Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2 Impact: Maliciously crafted applications can execute arbitrary code outside the sandbox Description: WindowServer sessions could be created by sandboxed applications. This issue was addressed by disallowing sandboxed applications from creating WindowServer sessions. CVE-ID CVE-2014-1314 : KeenTeam working with HP's Zero Day Initiative

Note: Security Update 2014-002 for OS X Mavericks systems includes the security content of Safari 7.0.3: http://support.apple.com/kb/HT6181

Security Update 2014-002 may be obtained via the Apple Software Update application, and from the Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJTVqgEAAoJEPefwLHPlZEw0L8P/RIqgQPc1/RnmPBCKVnZ0QyI 8V9jV07LyXTPySL3at/sAFac148ZYqu9cSKtRWB1oAQCnC8C20EIDLBvsysmKT/a zqLUP8ZGcd4jC4UYUleVgl4U9SXkp0L/HwpASXeRHGeUd/tN4eCBEgDfKSMdm8/s 4S70gTQPRRsQR3D8RkcOITJVFCaDFy/em3AbEJyAm7yDsDOinJdRrirRe7W1Q/p6 KBOmQYb73m0ykg08jgCjohxhTE9gpNeMeR7smN+7GsRb6XFlUOJGtnlePyLm1hN3 85e0KRnQyhTGXJ7y6MTmKzzwJ6/iVZvEeXK1IFwXEkwLLmp5uhp7wfT3DkZZSnBm +uo5g2aSQ80+7ZR9psUQwXOn8/6cFyKbG5tHxkh8IY6qLacvHP5yBcw3gqlUNPg5 2vCNWqhL8fEqncx7K1QC8CxwLQMVw9QnolukdjOxT66+kI0F/mDGeGdf/mYkGBJF ZECjWZsoekGq4TMu75MPn8BlwFpaLnObPi9pC+56BDhEz7f39bqBvkAaW61cQgj4 lRwlEHWNBFlO9XVkQwdmYrZoaeAAVxGG+iPt225dmXXZtWGMs5nYIzPj8GzRoNWQ gYAGZAOBr6pGJCQmfJIy4tLKj0H9za9pxX9RqavKrZyEtTcxpUmrh91mGZiI4eo0 7hmpILk22+6xv6pWCw8D =WWPv -----END PGP SIGNATURE-----

. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/

iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

Navigate to Settings
Select General
Select About. The version after applying this update will be "7.1.1"

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0215",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.9.1"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.5"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.9"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "7.0.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "10.9.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.8.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.8.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.8.2"
      },
      {
        "model": "tvos",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "iphone os",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.8.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.8.5"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.0"
      },
      {
        "model": "tvos",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.8.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "6.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.8.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.9.2"
      },
      {
        "model": "tv",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "6.1.1   (apple tv first  2 after generation )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.1.1   (ipad 2 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.1.1   (iphone 4 or later )"
      },
      {
        "model": "ios",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "7.1.1   (ipod touch first  5 after generation )"
      },
      {
        "model": "iphone os",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "ipad2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "30"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.3.0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.4.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "tv",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.3"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.4"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.4.4"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.2.0"
      },
      {
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.1.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.6"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.8.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.4"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.4.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.5"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.3.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "50"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.0"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "40"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.0"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.4.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "os mavericks",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.9.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1"
      },
      {
        "model": "iphone 4s",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.1.6"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "6.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.2"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "model": "tv",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "7.0.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "67025"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002203"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1295"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-463"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.5:supplemental_update:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-1295"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Antoine Delignat-Lavaud, Karthikeyan Bhargavan and Alfredo Pironti of Prosecco at Inria Paris",
    "sources": [
      {
        "db": "BID",
        "id": "67025"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-1295",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-1295",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-69234",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-1295",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201404-463",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-69234",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69234"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002203"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1295"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-463"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server\u0027s X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a \"triple handshake attack.\". Multiple Apple products are prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to perform man-in-the-middle attacks  or impersonate server certificate, which will aid in further attacks. Apple iOS, Apple TV and Apple OS X are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; Apple TV is a high-definition TV set-top box product; Apple OS X is a dedicated operating system developed for Mac computers. An attacker in a privileged network position can intercept data or alter the operations performed within the SSL-protected segment. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-04-22-1 Security Update 2014-002\n\nSecurity Update 2014-002 is now available and addresses the\nfollowing:\n\nCFNetwork HTTPProtocol\nAvailable for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2\nImpact:  An attacker in a privileged network position can obtain web\nsite credentials\nDescription:  Set-Cookie HTTP headers would be processed even if the\nconnection closed before the header line was complete. An attacker\ncould strip security settings from the cookie by forcing the\nconnection to close before the security settings were sent, and then\nobtain the value of the unprotected cookie. This issue was addressed\nby ignoring incomplete HTTP header lines. \nCVE-ID\nCVE-2014-1296 : Antoine Delignat-Lavaud of Prosecco at Inria Paris\n\nCoreServicesUIAgent\nAvailable for:  OS X Mavericks v10.9.2\nImpact:  Visiting a maliciously crafted website or URL may result in\nan unexpected application termination or arbitrary code execution\nDescription:  A format string issue existed in the handling of URLs. \nThis issue was addressed through additional validation of URLs. This\nissue does not affect systems prior to OS X Mavericks. \nCVE-ID\nCVE-2014-1315 : Lukasz Pilorz of runic.pl, Erik Kooistra\n\nFontParser\nAvailable for:  OS X Mountain Lion v10.8.5\nImpact:  Opening a maliciously crafted PDF file may result in an\nunexpected application termination or arbitrary code execution\nDescription:  A buffer underflow existed in the handling of fonts in\nPDF files. This issue was addressed through additional bounds\nchecking. This issue does not affect OS X Mavericks systems. \nCVE-ID\nCVE-2013-5170 : Will Dormann of CERT/CC\n\nHeimdal Kerberos\nAvailable for:  OS X Mavericks v10.9.2\nImpact:  A remote attacker may be able to cause a denial of service\nDescription:  A reachable abort existed in the handling of ASN.1\ndata. This issue was addressed through additional validation of ASN.1\ndata. \nCVE-ID\nCVE-2014-1316 : Joonas Kuorilehto of Codenomicon\n\nImageIO\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2\nImpact:  Viewing a maliciously crafted JPEG image may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A buffer overflow issue existed in ImageIO\u0027s handling\nof JPEG images. This issue was addressed through improved bounds\nchecking. This issue does not affect systems prior to OS X Mavericks. \nCVE-ID\nCVE-2014-1319 : Cristian Draghici of Modulo Consulting, Karl Smith of\nNCC Group\n\nIntel Graphics Driver\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2\nImpact:  A malicious application can take control of the system\nDescription:  A validation issue existed in the handling of a pointer\nfrom userspace. This issue was addressed through additional\nvalidation of pointers. \nCVE-ID\nCVE-2014-1318 : Ian Beer of Google Project Zero working with HP\u0027s\nZero Day Initiative\n\nIOKit Kernel\nAvailable for:  OS X Mavericks v10.9.2\nImpact:  A local user can read kernel pointers, which can be used to\nbypass kernel address space layout randomization\nDescription:  A set of kernel pointers stored in an IOKit object\ncould be retrieved from userland. This issue was addressed through\nremoving the pointers from the object. \nCVE-ID\nCVE-2014-1320 : Ian Beer of Google Project Zero working with HP\u0027s\nZero Day Initiative\n\nKernel\nAvailable for:  OS X Mavericks v10.9.2\nImpact:  A local user can read a kernel pointer, which can be used to\nbypass kernel address space layout randomization\nDescription:  A kernel pointer stored in a XNU object could be\nretrieved from userland. This issue was addressed through removing\nthe pointer from the object. \nCVE-ID\nCVE-2014-1322 : Ian Beer of Google Project Zero\n\nPower Management\nAvailable for:  OS X Mavericks v10.9.2\nImpact:  The screen might not lock\nDescription:  If a key was pressed or the trackpad touched just after\nthe lid was closed, the system might have tried to wake up while\ngoing to sleep, which would have caused the screen to be unlocked. \nThis issue was addressed by ignoring keypresses while going to sleep. \nThis issue does not affect systems prior to OS X Mavericks. \nCVE-ID\nCVE-2014-1321 : Paul Kleeberg of Stratis Health Bloomington MN,\nJulian Sincu at the Baden-Wuerttemberg Cooperative State University\n(DHBW Stuttgart), Gerben Wierda of R\u0026A, Daniel Luz\n\nRuby\nAvailable for:  OS X Mavericks v10.9.2\nImpact:  Running a Ruby script that handles untrusted YAML tags may\nlead to an unexpected application termination or arbitrary code\nexecution\nDescription:  An integer overflow issue existed in LibYAML\u0027s handling\nof YAML tags. This issue was addressed through additional validation\nof YAML tags. This issue does not affect systems prior to OS X\nMavericks. \nCVE-ID\nCVE-2013-6393\n\nRuby\nAvailable for:  OS X Lion v10.7.5, OS X Lion Server v10.7.5,\nOS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2\nImpact:  Running a Ruby script that uses untrusted input to create a\nFloat object may lead to an unexpected application termination or\narbitrary code execution\nDescription:  A heap-based buffer overflow issue existed in Ruby when\nconverting a string to a floating point value. This issue was\naddressed through additional validation of floating point values. \nTo prevent attacks based on this scenario, Secure Transport was\nchanged so that, by default, a renegotiation must present the same\nserver certificate as was presented in the original connection. This\nissue does not affect Mac OS X 10.7 systems and earlier. \nCVE-ID\nCVE-2014-1295 : Antoine Delignat-Lavaud, Karthikeyan Bhargavan and\nAlfredo Pironti of Prosecco at Inria Paris\n\nWindowServer\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.2\nImpact:  Maliciously crafted applications can execute arbitrary code\noutside the sandbox\nDescription:  WindowServer sessions could be created by sandboxed\napplications. This issue was addressed by disallowing sandboxed\napplications from creating WindowServer sessions. \nCVE-ID\nCVE-2014-1314 : KeenTeam working with HP\u0027s Zero Day Initiative\n\nNote: Security Update 2014-002 for OS X Mavericks systems includes\nthe security content of Safari 7.0.3:\nhttp://support.apple.com/kb/HT6181\n\nSecurity Update 2014-002 may be obtained via the Apple Software\nUpdate application, and from the Apple\u0027s Software Downloads web\nsite: http://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJTVqgEAAoJEPefwLHPlZEw0L8P/RIqgQPc1/RnmPBCKVnZ0QyI\n8V9jV07LyXTPySL3at/sAFac148ZYqu9cSKtRWB1oAQCnC8C20EIDLBvsysmKT/a\nzqLUP8ZGcd4jC4UYUleVgl4U9SXkp0L/HwpASXeRHGeUd/tN4eCBEgDfKSMdm8/s\n4S70gTQPRRsQR3D8RkcOITJVFCaDFy/em3AbEJyAm7yDsDOinJdRrirRe7W1Q/p6\nKBOmQYb73m0ykg08jgCjohxhTE9gpNeMeR7smN+7GsRb6XFlUOJGtnlePyLm1hN3\n85e0KRnQyhTGXJ7y6MTmKzzwJ6/iVZvEeXK1IFwXEkwLLmp5uhp7wfT3DkZZSnBm\n+uo5g2aSQ80+7ZR9psUQwXOn8/6cFyKbG5tHxkh8IY6qLacvHP5yBcw3gqlUNPg5\n2vCNWqhL8fEqncx7K1QC8CxwLQMVw9QnolukdjOxT66+kI0F/mDGeGdf/mYkGBJF\nZECjWZsoekGq4TMu75MPn8BlwFpaLnObPi9pC+56BDhEz7f39bqBvkAaW61cQgj4\nlRwlEHWNBFlO9XVkQwdmYrZoaeAAVxGG+iPt225dmXXZtWGMs5nYIzPj8GzRoNWQ\ngYAGZAOBr6pGJCQmfJIy4tLKj0H9za9pxX9RqavKrZyEtTcxpUmrh91mGZiI4eo0\n7hmpILk22+6xv6pWCw8D\n=WWPv\n-----END PGP SIGNATURE-----\n\n. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"7.1.1\"",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-1295"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002203"
      },
      {
        "db": "BID",
        "id": "67025"
      },
      {
        "db": "VULHUB",
        "id": "VHN-69234"
      },
      {
        "db": "PACKETSTORM",
        "id": "126271"
      },
      {
        "db": "PACKETSTORM",
        "id": "126269"
      },
      {
        "db": "PACKETSTORM",
        "id": "126270"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-1295",
        "trust": 3.1
      },
      {
        "db": "JVN",
        "id": "JVNVU95860341",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002203",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-463",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "67025",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-69234",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126271",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126269",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "126270",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69234"
      },
      {
        "db": "BID",
        "id": "67025"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002203"
      },
      {
        "db": "PACKETSTORM",
        "id": "126271"
      },
      {
        "db": "PACKETSTORM",
        "id": "126269"
      },
      {
        "db": "PACKETSTORM",
        "id": "126270"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1295"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-463"
      }
    ]
  },
  "id": "VAR-201404-0215",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69234"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:09:03.868000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT6208",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht6208"
      },
      {
        "title": "HT6209",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht6209"
      },
      {
        "title": "HT6207",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht6207"
      },
      {
        "title": "HT6207",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht6207?viewlocale=ja_jp"
      },
      {
        "title": "HT6208",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht6208?viewlocale=ja_jp"
      },
      {
        "title": "HT6209",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht6209?viewlocale=ja_jp"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002203"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69234"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002203"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1295"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"
      },
      {
        "trust": 2.5,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html"
      },
      {
        "trust": 2.5,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html"
      },
      {
        "trust": 1.7,
        "url": "https://secure-resumption.com/"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1295"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu95860341/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1295"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/ios/"
      },
      {
        "trust": 0.3,
        "url": "http://support.apple.com/kb/ht1222"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1296"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.3,
        "url": "http://gpgtools.org"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1320"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1295"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1304"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1312"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1309"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1308"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1300"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1311"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1313"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1298"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1713"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1305"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1303"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1299"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1310"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1302"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2871"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1307"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5170"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1315"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6393"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/ht6181"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1314"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1316"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1319"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1322"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1318"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1321"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4164"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/itunes/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69234"
      },
      {
        "db": "BID",
        "id": "67025"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002203"
      },
      {
        "db": "PACKETSTORM",
        "id": "126271"
      },
      {
        "db": "PACKETSTORM",
        "id": "126269"
      },
      {
        "db": "PACKETSTORM",
        "id": "126270"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1295"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-463"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-69234"
      },
      {
        "db": "BID",
        "id": "67025"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002203"
      },
      {
        "db": "PACKETSTORM",
        "id": "126271"
      },
      {
        "db": "PACKETSTORM",
        "id": "126269"
      },
      {
        "db": "PACKETSTORM",
        "id": "126270"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1295"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-463"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-04-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-69234"
      },
      {
        "date": "2014-04-22T00:00:00",
        "db": "BID",
        "id": "67025"
      },
      {
        "date": "2014-04-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002203"
      },
      {
        "date": "2014-04-23T00:10:03",
        "db": "PACKETSTORM",
        "id": "126271"
      },
      {
        "date": "2014-04-23T00:00:30",
        "db": "PACKETSTORM",
        "id": "126269"
      },
      {
        "date": "2014-04-23T00:06:50",
        "db": "PACKETSTORM",
        "id": "126270"
      },
      {
        "date": "2014-04-23T11:52:59.383000",
        "db": "NVD",
        "id": "CVE-2014-1295"
      },
      {
        "date": "2014-04-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201404-463"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-03-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-69234"
      },
      {
        "date": "2014-04-22T00:00:00",
        "db": "BID",
        "id": "67025"
      },
      {
        "date": "2014-04-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002203"
      },
      {
        "date": "2019-03-08T16:06:30.077000",
        "db": "NVD",
        "id": "CVE-2014-1295"
      },
      {
        "date": "2019-03-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201404-463"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-463"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Apple Product  Secure Transport Vulnerability in which important information is obtained",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002203"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-463"
      }
    ],
    "trust": 0.6
  }
}

GSD-2014-1295

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-1295

Aliases

CVE-2014-1295

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-1295",
    "description": "Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server\u0027s X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a \"triple handshake attack.\"",
    "id": "GSD-2014-1295"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-1295"
      ],
      "details": "Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server\u0027s X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a \"triple handshake attack.\"",
      "id": "GSD-2014-1295",
      "modified": "2023-12-13T01:22:51.100968Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2014-1295",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server\u0027s X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a \"triple handshake attack.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "APPLE-SA-2014-04-22-1",
            "refsource": "APPLE",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"
          },
          {
            "name": "APPLE-SA-2014-04-22-2",
            "refsource": "APPLE",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html"
          },
          {
            "name": "APPLE-SA-2014-04-22-3",
            "refsource": "APPLE",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html"
          },
          {
            "name": "https://secure-resumption.com/",
            "refsource": "MISC",
            "url": "https://secure-resumption.com/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.8.5:supplemental_update:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2014-1295"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server\u0027s X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a \"triple handshake attack.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2014-04-22-2",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html"
            },
            {
              "name": "https://secure-resumption.com/",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "https://secure-resumption.com/"
            },
            {
              "name": "APPLE-SA-2014-04-22-3",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html"
            },
            {
              "name": "APPLE-SA-2014-04-22-1",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2019-03-08T16:06Z",
      "publishedDate": "2014-04-23T11:52Z"
    }
  }
}

GHSA-FQ75-H86R-46HG

Vulnerability from github – Published: 2022-05-14 01:26 – Updated: 2025-04-12 12:32

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-1295"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-04-23T11:52:00Z",
    "severity": "MODERATE"
  },
  "details": "Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server\u0027s X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a \"triple handshake attack.\"",
  "id": "GHSA-fq75-h86r-46hg",
  "modified": "2025-04-12T12:32:56Z",
  "published": "2022-05-14T01:26:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-1295"
    },
    {
      "type": "WEB",
      "url": "https://secure-resumption.com"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2014-AVI-231

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Apple OS X Mavericks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions antérieures à OS X Mavericks v10.9.3

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple du 15 mai 2014

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 OS X Mavericks v10.9.3\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-1320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1320"
    },
    {
      "name": "CVE-2013-4164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4164"
    },
    {
      "name": "CVE-2013-6393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6393"
    },
    {
      "name": "CVE-2014-1296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1296"
    },
    {
      "name": "CVE-2013-5170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5170"
    },
    {
      "name": "CVE-2014-1314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1314"
    },
    {
      "name": "CVE-2014-1295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1295"
    },
    {
      "name": "CVE-2014-1322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1322"
    },
    {
      "name": "CVE-2014-1319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1319"
    },
    {
      "name": "CVE-2014-1318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1318"
    },
    {
      "name": "CVE-2014-1321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1321"
    },
    {
      "name": "CVE-2014-1316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1316"
    },
    {
      "name": "CVE-2014-1315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1315"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-231",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-05-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple OS X Mavericks\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple OS X Mavericks",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 15 mai 2014",
      "url": "http://support.apple.com/kb/HT6246"
    }
  ]
}

CERTFR-2014-AVI-201

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple TV 6.1.1
Apple	N/A	Apple OS X Lion versions 10.7.5 et antérieures
Apple	N/A	Apple iOS 7.1.1
Apple	N/A	Apple OS X Lion Server versions 10.7.5 et antérieures
Apple	N/A	Apple OS X Mountain Lion versions 10.8.5 et antérieures
Apple	N/A	Apple AirPort Base Station Firmware Update 7.7.3
Apple	N/A	Apple OS X Mountain Lion Server versions 10.8.5 et antérieures
Apple	N/A	Apple OS X Mavericks versions 10.9.2 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT6209 du 22 avril 2014	None	vendor-advisory
Bulletin de sécurité Apple HT6207 du 22 avril 2014	None	vendor-advisory
Bulletin de sécurité Apple HT6203 du 22 avril 2014	None	vendor-advisory
Bulletin de sécurité Apple HT6208 du 22 avril 2014	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple TV 6.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple OS X Lion versions 10.7.5 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iOS 7.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple OS X Lion Server versions 10.7.5 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple OS X Mountain Lion versions 10.8.5 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple AirPort Base Station Firmware Update 7.7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple OS X Mountain Lion Server versions 10.8.5 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple OS X Mavericks versions 10.9.2 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-1320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1320"
    },
    {
      "name": "CVE-2014-1312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1312"
    },
    {
      "name": "CVE-2013-4164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4164"
    },
    {
      "name": "CVE-2014-1298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1298"
    },
    {
      "name": "CVE-2014-0160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0160"
    },
    {
      "name": "CVE-2014-1313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1313"
    },
    {
      "name": "CVE-2013-6393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6393"
    },
    {
      "name": "CVE-2014-1296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1296"
    },
    {
      "name": "CVE-2014-1302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1302"
    },
    {
      "name": "CVE-2013-5170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5170"
    },
    {
      "name": "CVE-2014-1304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1304"
    },
    {
      "name": "CVE-2014-1311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1311"
    },
    {
      "name": "CVE-2014-1300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1300"
    },
    {
      "name": "CVE-2014-1305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1305"
    },
    {
      "name": "CVE-2014-1713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1713"
    },
    {
      "name": "CVE-2014-1307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1307"
    },
    {
      "name": "CVE-2014-1314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1314"
    },
    {
      "name": "CVE-2014-1299",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1299"
    },
    {
      "name": "CVE-2014-1295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1295"
    },
    {
      "name": "CVE-2014-1322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1322"
    },
    {
      "name": "CVE-2014-1319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1319"
    },
    {
      "name": "CVE-2014-1318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1318"
    },
    {
      "name": "CVE-2014-1310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1310"
    },
    {
      "name": "CVE-2014-1321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1321"
    },
    {
      "name": "CVE-2014-1303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1303"
    },
    {
      "name": "CVE-2014-1309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1309"
    },
    {
      "name": "CVE-2014-1316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1316"
    },
    {
      "name": "CVE-2014-1308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1308"
    },
    {
      "name": "CVE-2013-2871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2871"
    },
    {
      "name": "CVE-2014-1315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1315"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-201",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-04-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eApple\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT6209 du 22 avril 2014",
      "url": "http://support.apple.com/kb/HT6209"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT6207 du 22 avril 2014",
      "url": "http://support.apple.com/kb/HT6207"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT6203 du 22 avril 2014",
      "url": "http://support.apple.com/kb/HT6203"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT6208 du 22 avril 2014",
      "url": "http://support.apple.com/kb/HT6208"
    }
  ]
}

CERTFR-2014-AVI-231

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions antérieures à OS X Mavericks v10.9.3

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple du 15 mai 2014

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 OS X Mavericks v10.9.3\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-1320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1320"
    },
    {
      "name": "CVE-2013-4164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4164"
    },
    {
      "name": "CVE-2013-6393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6393"
    },
    {
      "name": "CVE-2014-1296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1296"
    },
    {
      "name": "CVE-2013-5170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5170"
    },
    {
      "name": "CVE-2014-1314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1314"
    },
    {
      "name": "CVE-2014-1295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1295"
    },
    {
      "name": "CVE-2014-1322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1322"
    },
    {
      "name": "CVE-2014-1319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1319"
    },
    {
      "name": "CVE-2014-1318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1318"
    },
    {
      "name": "CVE-2014-1321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1321"
    },
    {
      "name": "CVE-2014-1316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1316"
    },
    {
      "name": "CVE-2014-1315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1315"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-231",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-05-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple OS X Mavericks\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple OS X Mavericks",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple du 15 mai 2014",
      "url": "http://support.apple.com/kb/HT6246"
    }
  ]
}

CERTFR-2014-AVI-201

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple TV 6.1.1
Apple	N/A	Apple OS X Lion versions 10.7.5 et antérieures
Apple	N/A	Apple iOS 7.1.1
Apple	N/A	Apple OS X Lion Server versions 10.7.5 et antérieures
Apple	N/A	Apple OS X Mountain Lion versions 10.8.5 et antérieures
Apple	N/A	Apple AirPort Base Station Firmware Update 7.7.3
Apple	N/A	Apple OS X Mountain Lion Server versions 10.8.5 et antérieures
Apple	N/A	Apple OS X Mavericks versions 10.9.2 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT6209 du 22 avril 2014	None	vendor-advisory
Bulletin de sécurité Apple HT6207 du 22 avril 2014	None	vendor-advisory
Bulletin de sécurité Apple HT6203 du 22 avril 2014	None	vendor-advisory
Bulletin de sécurité Apple HT6208 du 22 avril 2014	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple TV 6.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple OS X Lion versions 10.7.5 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iOS 7.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple OS X Lion Server versions 10.7.5 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple OS X Mountain Lion versions 10.8.5 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple AirPort Base Station Firmware Update 7.7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple OS X Mountain Lion Server versions 10.8.5 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple OS X Mavericks versions 10.9.2 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-1320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1320"
    },
    {
      "name": "CVE-2014-1312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1312"
    },
    {
      "name": "CVE-2013-4164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4164"
    },
    {
      "name": "CVE-2014-1298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1298"
    },
    {
      "name": "CVE-2014-0160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0160"
    },
    {
      "name": "CVE-2014-1313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1313"
    },
    {
      "name": "CVE-2013-6393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-6393"
    },
    {
      "name": "CVE-2014-1296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1296"
    },
    {
      "name": "CVE-2014-1302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1302"
    },
    {
      "name": "CVE-2013-5170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5170"
    },
    {
      "name": "CVE-2014-1304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1304"
    },
    {
      "name": "CVE-2014-1311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1311"
    },
    {
      "name": "CVE-2014-1300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1300"
    },
    {
      "name": "CVE-2014-1305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1305"
    },
    {
      "name": "CVE-2014-1713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1713"
    },
    {
      "name": "CVE-2014-1307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1307"
    },
    {
      "name": "CVE-2014-1314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1314"
    },
    {
      "name": "CVE-2014-1299",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1299"
    },
    {
      "name": "CVE-2014-1295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1295"
    },
    {
      "name": "CVE-2014-1322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1322"
    },
    {
      "name": "CVE-2014-1319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1319"
    },
    {
      "name": "CVE-2014-1318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1318"
    },
    {
      "name": "CVE-2014-1310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1310"
    },
    {
      "name": "CVE-2014-1321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1321"
    },
    {
      "name": "CVE-2014-1303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1303"
    },
    {
      "name": "CVE-2014-1309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1309"
    },
    {
      "name": "CVE-2014-1316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1316"
    },
    {
      "name": "CVE-2014-1308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1308"
    },
    {
      "name": "CVE-2013-2871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2871"
    },
    {
      "name": "CVE-2014-1315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1315"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-201",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-04-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eApple\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT6209 du 22 avril 2014",
      "url": "http://support.apple.com/kb/HT6209"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT6207 du 22 avril 2014",
      "url": "http://support.apple.com/kb/HT6207"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT6203 du 22 avril 2014",
      "url": "http://support.apple.com/kb/HT6203"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT6208 du 22 avril 2014",
      "url": "http://support.apple.com/kb/HT6208"
    }
  ]
}

FKIE_CVE-2014-1295

Vulnerability from fkie_nvd - Published: 2014-04-23 11:52 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html
product-security@apple.com	http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html
product-security@apple.com	http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html
product-security@apple.com	https://secure-resumption.com/	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html
af854a3a-2127-422b-91ae-364da2661108	https://secure-resumption.com/	Exploit

Impacted products

Vendor	Product	Version
apple	iphone_os	*
apple	iphone_os	7.0
apple	iphone_os	7.0.1
apple	iphone_os	7.0.2
apple	iphone_os	7.0.3
apple	iphone_os	7.0.4
apple	iphone_os	7.0.5
apple	iphone_os	7.0.6
apple	mac_os_x	10.9
apple	mac_os_x	10.9.1
apple	mac_os_x	10.9.2
apple	tvos	*
apple	tvos	6.0
apple	tvos	6.0.1
apple	tvos	6.0.2
apple	mac_os_x	10.8.0
apple	mac_os_x	10.8.1
apple	mac_os_x	10.8.2
apple	mac_os_x	10.8.3
apple	mac_os_x	10.8.4
apple	mac_os_x	10.8.5
apple	mac_os_x	10.8.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "416E8374-1E96-4F30-8270-CC71EBD96257",
              "versionEndIncluding": "7.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07A11433-B725-4BD6-B998-4B3637F061EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FD62141-07B1-4E3D-80BC-25D519F90DBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9737BD4-B4F4-4291-A1E9-B692ECBC657E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6160869-944D-4E34-BB81-6A1259D692B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "090CAC3C-4B20-46E5-A8C7-950B7E1DB5E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E96F77DD-0962-4E55-97A2-9BC2FE01D8A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BD9ACBF-34A4-4181-A6E0-78ABD4FC9ACB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A48A5310-A589-4E9B-99BC-F840CC1A6A44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F241EBFB-CCB3-4D16-B476-AC1578D3C435",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AEAD650-87D1-49BB-A8C7-BA39FD47285C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF977CDC-9F9B-4F56-A488-061A67981716",
              "versionEndIncluding": "6.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5365205F-B91D-4123-8CFD-EA42E0DEA944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8C7F676-5ACC-4330-9591-465CA8AF77AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5314D7F-8352-41F5-A155-5E5392C58ABF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2082D62-3821-4DBA-8690-67489F44C38D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F0DB1BC-DC16-423E-B0C7-8E9C996A50B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E59315BA-B9F1-46A5-86E7-8BE2ED97BA4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "55841123-F78F-42E0-8D40-C688C4B4D29C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "252640D3-5CB8-4C3D-9E8B-ED452293C805",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3D30B4B-DA63-40B0-B0C9-F3992CF25706",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.8.5:supplemental_update:*:*:*:*:*:*",
              "matchCriteriaId": "2F1DAD30-BA77-40C2-9245-05DF871FDDC0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and 10.9.x through 10.9.2, and Apple TV before 6.1.1 does not ensure that a server\u0027s X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a \"triple handshake attack.\""
    },
    {
      "lang": "es",
      "value": "Secure Transport en Apple iOS anterior a 7.1.1, Apple OS X 10.8.x y 10.9.x hasta 10.9.2 y Apple TV anterior a 6.1.1 no asegura que el certificado X.509 de un servidor es el mismo durante renegaciaci\u00f3n que era antes de renegociaci\u00f3n, lo que permite a atacantes man-in-the-middle obtener informaci\u00f3n sensible o modificar datos de sesi\u00f3n TLS a trav\u00e9s de un \"ataque de negociaci\u00f3n triple.\""
    }
  ],
  "id": "CVE-2014-1295",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-04-23T11:52:59.383",
  "references": [
    {
      "source": "product-security@apple.com",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://secure-resumption.com/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://secure-resumption.com/"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-1295 (GCVE-0-2014-1295)

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature