- Home
- CVEs with nessus.description==The version of Apple iTunes running on the remote host is prior to version 11.2. It is, therefore, affected by multiple vulnerabilities :
- A flaw exists in the CFNetwork HTTPProtocol due to a failure to properly ensure that a Set-Cookie HTTP header is complete before interpreting the header's value. A man-in-the-middle attacker can exploit this to bypass security settings by closing the connection before the security settings are sent, resulting in the disclosure of sensitive information. (CVE-2014-1296)
- A memory corruption issue exists due to improper validation of user-supplied input when handling MP4 files. An attacker can exploit this, by convincing a user to open a specially crafted MP4 file, to corrupt memory, resulting in the execution of arbitrary code.
(CVE-2014-8842)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top