var-201401-0569
Vulnerability from variot
Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream. Apple iTunes is prone to a man-in-the-middle vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and disclose sensitive information, which will aid in further attacks. Apple iTunes versions prior to 11.1.4 are vulnerable. Apple Apple iTunes is a set of media player applications of Apple (Apple), which is mainly used for playing and managing digital music and video files. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2014-01-22-1 iTunes 11.1.4
iTunes 11.1.4 is now available and addresses the following:
iTunes Available for: Mac OS X v10.6.8 or later, Windows 8, Windows 7, Vista, XP SP2 or later Impact: An attacker with a privileged network position may control the contents of the iTunes Tutorials window Description: The contents of the iTunes Tutorials window are retrieved from the network using an unprotected HTTP connection. An attacker with a privileged network position may inject arbitrary contents. This issue was addressed by using an encrypted HTTPS connection to retrieve tutorials. CVE-ID CVE-2014-1242 : Apple
iTunes Available for: Windows 8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: An uninitialized memory access issue existed in the handling of text tracks. This issue was addressed by additional validation of text tracks. CVE-ID CVE-2013-1024 : Richard Kuo and Billy Suguitan of Triemt Corporation
iTunes Available for: Windows 8, Windows 7, Vista, XP SP2 or later Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code executionn Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2013-1037 : Google Chrome Security Team CVE-2013-1038 : Google Chrome Security Team CVE-2013-1039 : own-hero Research working with iDefense VCP CVE-2013-1040 : Google Chrome Security Team CVE-2013-1041 : Google Chrome Security Team CVE-2013-1042 : Google Chrome Security Team CVE-2013-1043 : Google Chrome Security Team CVE-2013-1044 : Apple CVE-2013-1045 : Google Chrome Security Team CVE-2013-1046 : Google Chrome Security Team CVE-2013-1047 : miaubiz CVE-2013-2842 : Cyril Cattiaux CVE-2013-5125 : Google Chrome Security Team CVE-2013-5126 : Apple CVE-2013-5127 : Google Chrome Security Team CVE-2013-5128 : Apple
libxml Available for: Windows 8, Windows 7, Vista, XP SP2 or later Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code executionn Description: Multiple memory corruption issues existed in libxml. These issues were addressed by updating libxml to version 2.9.0. CVE-ID CVE-2011-3102 : Juri Aedla CVE-2012-0841 CVE-2012-2807 : Juri Aedla CVE-2012-5134 : Google Chrome Security Team (Juri Aedla)
libxslt Available for: Windows 8, Windows 7, Vista, XP SP2 or later Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code executionn Description: Multiple memory corruption issues existed in libxslt. These issues were addressed by updating libxslt to version 1.1.28. CVE-ID CVE-2012-2825 : Nicolas Gregoire CVE-2012-2870 : Nicolas Gregoire CVE-2012-2871 : Kai Lu of Fortinet's FortiGuard Labs, Nicolas Gregoire
iTunes 11.1.4 may be obtained from: http://www.apple.com/itunes/download/
For OS X: The download file is named: iTunes11.1.4.dmg Its SHA-1 digest is: ffde4658def154edfa479696e40588e9252e7276
For Windows XP / Vista / Windows 7 / Windows 8: The download file is named: "iTunesSetup.exe" Its SHA-1 digest is: 3701f3e7f7c44bad05631533f2ab52e08ae0ba1f
For 64-bit Windows XP / Vista / Windows 7 / Windows 8: The download file is named: "iTunes64Setup.exe" Its SHA-1 digest is: fd9caee83907b9f6aa01d031f63fa9ed9be2bfab
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJS4DtWAAoJEPefwLHPlZEwEyIQAJ4B3eB18xKixTw39CTkiIf2 dQlDo2gk8ghBHTS4ZQU74OuGyEall3AgXqz/ENrrapgTT9Ej+OVtcofZIOM7IuFC svag6TSYEkvNLbQMfhVOYvEbwc1Is56tu9huWgYpGpPrZYF0LfNyUYUd3DuWQ2de 1P2vfeowCxd9Orp2aw5w48gJkCFHcxtKpY7QSenn9ZEVKo7KM9ejwQqLWwdwwK45 koP3ovYJa61eLjth61+f85H2xkb6zB6zM5qGPwxNRknPdttabl+NNxiR93jvAoMr 8OUSMErSjxUN9HSBd+ZXtCCmK+NmYnYJk1HtIq11p4OZk8XvNVzzh3JtePAXoRjj 6xQsoC0EjxzV7aYPaje2aiY3XfuT4gLX1NI+ZnTNfy6Y3BMZ8FId1XnBESyevMXw AowaQk6FNiz3qHNTSaJCmjMtVScu2m9OKANGexadETw2/NFMRsfHdDEf7bN8Lj85 MbPhgFW6qMKjJ15g0NW1gvvZjbJCcL6Y2LdjabWFeIJLV7gXE3lviIwMwFfQqBqN B+w6o6PQPrGxSzSGzjIf/76qLYJjL7zenGERCHJiOH54LMITZn8db3lECY1CMUXw lsKk4W7IeI2u43hxaYaYfSpdjF14U2CrRJSFHcyFe2oPxU26hxCax3AyHLxncPoX eWabnIgZ1wYWZB0y8x5K =pK6I -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0569",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "itunes",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "11.1.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "11.1.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "11.0.5"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "11.0.4"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "11.0.2"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "11.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "11.0.3"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "11.0.1"
},
{
"model": "itunes",
"scope": "eq",
"trust": 1.9,
"vendor": "apple",
"version": "11.0"
},
{
"model": "itunes",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "11.1.3"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.1.4 (mac os x v10.6.8 or later )"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.1.4 (windows 7)"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.1.4 (windows 8)"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.1.4 (windows vista)"
},
{
"model": "itunes",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "11.1.4 (windows xp sp2 or later )"
},
{
"model": "itunes",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "11.1.3"
},
{
"model": "itunes",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "11.1.4"
}
],
"sources": [
{
"db": "BID",
"id": "65088"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001243"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-486"
},
{
"db": "NVD",
"id": "CVE-2014-1242"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apple:itunes",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001243"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "BID",
"id": "65088"
},
{
"db": "PACKETSTORM",
"id": "124932"
}
],
"trust": 0.4
},
"cve": "CVE-2014-1242",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2014-1242",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-69181",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-1242",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-1242",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-486",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-69181",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2014-1242",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69181"
},
{
"db": "VULMON",
"id": "CVE-2014-1242"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001243"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-486"
},
{
"db": "NVD",
"id": "CVE-2014-1242"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream. Apple iTunes is prone to a man-in-the-middle vulnerability. \nAn attacker can exploit this issue to perform man-in-the-middle attacks and disclose sensitive information, which will aid in further attacks. \nApple iTunes versions prior to 11.1.4 are vulnerable. Apple Apple iTunes is a set of media player applications of Apple (Apple), which is mainly used for playing and managing digital music and video files. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-01-22-1 iTunes 11.1.4\n\niTunes 11.1.4 is now available and addresses the following:\n\niTunes\nAvailable for: Mac OS X v10.6.8 or later, Windows 8, Windows 7,\nVista, XP SP2 or later\nImpact: An attacker with a privileged network position may control\nthe contents of the iTunes Tutorials window\nDescription: The contents of the iTunes Tutorials window are\nretrieved from the network using an unprotected HTTP connection. An\nattacker with a privileged network position may inject arbitrary\ncontents. This issue was addressed by using an encrypted HTTPS\nconnection to retrieve tutorials. \nCVE-ID\nCVE-2014-1242 : Apple\n\niTunes\nAvailable for: Windows 8, Windows 7, Vista, XP SP2 or later\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: An uninitialized memory access issue existed in the\nhandling of text tracks. This issue was addressed by additional\nvalidation of text tracks. \nCVE-ID\nCVE-2013-1024 : Richard Kuo and Billy Suguitan of Triemt Corporation\n\niTunes\nAvailable for: Windows 8, Windows 7, Vista, XP SP2 or later\nImpact: A man-in-the-middle attack while browsing the iTunes Store\nvia iTunes may lead to an unexpected application termination or\narbitrary code executionn\nDescription: Multiple memory corruption issues existed in WebKit. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2013-1037 : Google Chrome Security Team\nCVE-2013-1038 : Google Chrome Security Team\nCVE-2013-1039 : own-hero Research working with iDefense VCP\nCVE-2013-1040 : Google Chrome Security Team\nCVE-2013-1041 : Google Chrome Security Team\nCVE-2013-1042 : Google Chrome Security Team\nCVE-2013-1043 : Google Chrome Security Team\nCVE-2013-1044 : Apple\nCVE-2013-1045 : Google Chrome Security Team\nCVE-2013-1046 : Google Chrome Security Team\nCVE-2013-1047 : miaubiz\nCVE-2013-2842 : Cyril Cattiaux\nCVE-2013-5125 : Google Chrome Security Team\nCVE-2013-5126 : Apple\nCVE-2013-5127 : Google Chrome Security Team\nCVE-2013-5128 : Apple\n\nlibxml\nAvailable for: Windows 8, Windows 7, Vista, XP SP2 or later\nImpact: A man-in-the-middle attack while browsing the iTunes Store\nvia iTunes may lead to an unexpected application termination or\narbitrary code executionn\nDescription: Multiple memory corruption issues existed in libxml. \nThese issues were addressed by updating libxml to version 2.9.0. \nCVE-ID\nCVE-2011-3102 : Juri Aedla\nCVE-2012-0841\nCVE-2012-2807 : Juri Aedla\nCVE-2012-5134 : Google Chrome Security Team (Juri Aedla)\n\nlibxslt\nAvailable for: Windows 8, Windows 7, Vista, XP SP2 or later\nImpact: A man-in-the-middle attack while browsing the iTunes Store\nvia iTunes may lead to an unexpected application termination or\narbitrary code executionn\nDescription: Multiple memory corruption issues existed in libxslt. \nThese issues were addressed by updating libxslt to version 1.1.28. \nCVE-ID\nCVE-2012-2825 : Nicolas Gregoire\nCVE-2012-2870 : Nicolas Gregoire\nCVE-2012-2871 : Kai Lu of Fortinet\u0027s FortiGuard Labs, Nicolas\nGregoire\n\n\niTunes 11.1.4 may be obtained from:\nhttp://www.apple.com/itunes/download/\n\nFor OS X:\nThe download file is named: iTunes11.1.4.dmg\nIts SHA-1 digest is: ffde4658def154edfa479696e40588e9252e7276\n\nFor Windows XP / Vista / Windows 7 / Windows 8:\nThe download file is named: \"iTunesSetup.exe\"\nIts SHA-1 digest is: 3701f3e7f7c44bad05631533f2ab52e08ae0ba1f\n\nFor 64-bit Windows XP / Vista / Windows 7 / Windows 8:\nThe download file is named: \"iTunes64Setup.exe\"\nIts SHA-1 digest is: fd9caee83907b9f6aa01d031f63fa9ed9be2bfab\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJS4DtWAAoJEPefwLHPlZEwEyIQAJ4B3eB18xKixTw39CTkiIf2\ndQlDo2gk8ghBHTS4ZQU74OuGyEall3AgXqz/ENrrapgTT9Ej+OVtcofZIOM7IuFC\nsvag6TSYEkvNLbQMfhVOYvEbwc1Is56tu9huWgYpGpPrZYF0LfNyUYUd3DuWQ2de\n1P2vfeowCxd9Orp2aw5w48gJkCFHcxtKpY7QSenn9ZEVKo7KM9ejwQqLWwdwwK45\nkoP3ovYJa61eLjth61+f85H2xkb6zB6zM5qGPwxNRknPdttabl+NNxiR93jvAoMr\n8OUSMErSjxUN9HSBd+ZXtCCmK+NmYnYJk1HtIq11p4OZk8XvNVzzh3JtePAXoRjj\n6xQsoC0EjxzV7aYPaje2aiY3XfuT4gLX1NI+ZnTNfy6Y3BMZ8FId1XnBESyevMXw\nAowaQk6FNiz3qHNTSaJCmjMtVScu2m9OKANGexadETw2/NFMRsfHdDEf7bN8Lj85\nMbPhgFW6qMKjJ15g0NW1gvvZjbJCcL6Y2LdjabWFeIJLV7gXE3lviIwMwFfQqBqN\nB+w6o6PQPrGxSzSGzjIf/76qLYJjL7zenGERCHJiOH54LMITZn8db3lECY1CMUXw\nlsKk4W7IeI2u43hxaYaYfSpdjF14U2CrRJSFHcyFe2oPxU26hxCax3AyHLxncPoX\neWabnIgZ1wYWZB0y8x5K\n=pK6I\n-----END PGP SIGNATURE-----\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1242"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001243"
},
{
"db": "BID",
"id": "65088"
},
{
"db": "VULHUB",
"id": "VHN-69181"
},
{
"db": "VULMON",
"id": "CVE-2014-1242"
},
{
"db": "PACKETSTORM",
"id": "124932"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-1242",
"trust": 3.0
},
{
"db": "BID",
"id": "65088",
"trust": 1.5
},
{
"db": "OSVDB",
"id": "102410",
"trust": 1.2
},
{
"db": "SECTRACK",
"id": "1029671",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU94321146",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001243",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-486",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-69181",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-1242",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "124932",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69181"
},
{
"db": "VULMON",
"id": "CVE-2014-1242"
},
{
"db": "BID",
"id": "65088"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001243"
},
{
"db": "PACKETSTORM",
"id": "124932"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-486"
},
{
"db": "NVD",
"id": "CVE-2014-1242"
}
]
},
"id": "VAR-201401-0569",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-69181"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:16:35.870000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT6001",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6001"
},
{
"title": "HT6001",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT6001?viewlocale=ja_JP"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001243"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69181"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001243"
},
{
"db": "NVD",
"id": "CVE-2014-1242"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://support.apple.com/kb/ht6001"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/65088"
},
{
"trust": 1.2,
"url": "http://osvdb.org/102410"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1029671"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90653"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1242"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94321146/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1242"
},
{
"trust": 0.3,
"url": "http://software.cisco.com/download/navigator.html?mdfid=283613663"
},
{
"trust": 0.3,
"url": "http://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/310.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1039"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1045"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0841"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1024"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5125"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1043"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1041"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-5134"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1038"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5126"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1044"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1042"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2807"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2825"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1046"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2871"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-2870"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1047"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5127"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2842"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1242"
},
{
"trust": 0.1,
"url": "http://gpgtools.org"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-5128"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-1037"
},
{
"trust": 0.1,
"url": "http://www.apple.com/itunes/download/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3102"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69181"
},
{
"db": "VULMON",
"id": "CVE-2014-1242"
},
{
"db": "BID",
"id": "65088"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001243"
},
{
"db": "PACKETSTORM",
"id": "124932"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-486"
},
{
"db": "NVD",
"id": "CVE-2014-1242"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-69181"
},
{
"db": "VULMON",
"id": "CVE-2014-1242"
},
{
"db": "BID",
"id": "65088"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001243"
},
{
"db": "PACKETSTORM",
"id": "124932"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-486"
},
{
"db": "NVD",
"id": "CVE-2014-1242"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-23T00:00:00",
"db": "VULHUB",
"id": "VHN-69181"
},
{
"date": "2014-01-23T00:00:00",
"db": "VULMON",
"id": "CVE-2014-1242"
},
{
"date": "2014-01-22T00:00:00",
"db": "BID",
"id": "65088"
},
{
"date": "2014-01-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001243"
},
{
"date": "2014-01-24T01:33:33",
"db": "PACKETSTORM",
"id": "124932"
},
{
"date": "2014-01-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-486"
},
{
"date": "2014-01-23T19:55:04.097000",
"db": "NVD",
"id": "CVE-2014-1242"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-69181"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULMON",
"id": "CVE-2014-1242"
},
{
"date": "2014-01-22T00:00:00",
"db": "BID",
"id": "65088"
},
{
"date": "2014-01-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001243"
},
{
"date": "2014-04-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-486"
},
{
"date": "2024-11-21T02:03:54.450000",
"db": "NVD",
"id": "CVE-2014-1242"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-486"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple iTunes Vulnerable to content spoofing",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001243"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-486"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…