var-201402-0405
Vulnerability from variot
The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step. Apple iOS and TV are prone to a security-bypass vulnerability because it fails to properly validate connections. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. Apple iOS, Apple TV and Apple OS X are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; Apple TV is a high-definition TV set-top box product; Apple OS X is a dedicated operating system developed for Mac computers. There is a security vulnerability in the 'SSLVerifySignedServerKeyExchange' function in the libsecurity_ssl/lib/sslKeyExchange.c file of the Secure Transport function of the Data Security component in Apple iOS. An attacker in a privileged network position could potentially capture or modify data in an SSL/TLS-protected session. The following versions are affected: Apple iOS 6.x prior to 6.1.6 and 7.x prior to 7.0.6, Apple TV 6.x prior to 6.0.2, Apple OS X 10.9.x prior to 10.9.2 Version. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2014-02-21-2 iOS 7.0.6
iOS 7.0.6 is now available and addresses the following:
Data Security Available for: iPhone 4 and later, iPod touch (5th generation), iPad 2 and later Impact: An attacker with a privileged network position may capture or modify data in sessions protected by SSL/TLS Description: Secure Transport failed to validate the authenticity of the connection. This issue was addressed by restoring missing validation steps. CVE-ID CVE-2014-1266
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
- Navigate to Settings
- Select General
- Select About. The version after applying this update will be "7.0.6".
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org
iQIcBAEBAgAGBQJTBpN9AAoJEPefwLHPlZEwFpYP/2Ac20hocp3/xWv08EFmpZpl T52aoGMpJxZFRh307mS76jNXDZ2KodcBboESKbYE8PxMK9DkAtqEbSQjMa9cUK3+ 3iUhqNnFm7YrG8+8JVoZ58Jxiq9zEmKGVEf+s4o1F1ORJPAQRDROiC5MBru1UOAb /sXZeX1Awr81RJeu4f8A9Qddu6AEICr2sYRlWQA8wa24Y2qswrOvqvFRSK4WnB8L 6sqe6JL0C59GhjRh11WsObMQN+vbBcVty7q4e0WfuLNt0LP8yZBC2XruAx0Q2v1k t5JA6keq7zwAzE+zO4qjYXGTVePyPe7vJx00ndjvTjAI7iXrcRgNxUuH5BAj7O7h agzSWNKvaUYynJd2oiv5onN7kh+3UbexiXIKOc5ZgOpVk7fgLCnN9UcPuxpGjF5u RODQM5LtAYEdmzs4Ws711Gu+k0OT3QTWXWu9/k6Yp2DKwCjDp9gzM/EhT5T7PqCL KM8gnGOiTJh0vUmdI94huF987heNBzoRId/wdip/e2iXKTGB3Z8AipmDi72v63FB seh7rZWOgxZ+9YSCyXFl4FfcZDBSEhERzw2C8OXP2iXBzspM3LsqlqBbbyTB/bRm lOSrP8nxkf0Fw8ehqs52wxfjenk2hvnkHddE4HU3DuvoK4M9hZ98sLppHxoxw7Lp aMn7lqBBT+6V5+uaVkA8 =klGW -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201402-0405",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tvos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "6.0"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.9"
},
{
"model": "iphone os",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "7.0"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "6.1.6"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "7.0.6"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "6.0.2"
},
{
"model": "iphone os",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "6.0"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.9.2"
},
{
"model": "apple tv",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "6.1.6"
},
{
"model": "ios",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "7.0.6"
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "7.x (ipad 2 from )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "7.x (ipod touch no. 5 generation )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "6.x (iphone 3gs)"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "7.x (iphone 4 from )"
},
{
"model": "ios",
"scope": "lt",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "6.x (ipod touch no. 4 generation )"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "6.0.1"
},
{
"model": "tv",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "6.0"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.4"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.9.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.9"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.1"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.2"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "7.0.3"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001444"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-306"
},
{
"db": "NVD",
"id": "CVE-2014-1266"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "65738"
}
],
"trust": 0.3
},
"cve": "CVE-2014-1266",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-1266",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-69205",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2014-1266",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.4,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2014-1266",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-1266",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-1266",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201402-306",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-69205",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2014-1266",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69205"
},
{
"db": "VULMON",
"id": "CVE-2014-1266"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001444"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-306"
},
{
"db": "NVD",
"id": "CVE-2014-1266"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step. Apple iOS and TV are prone to a security-bypass vulnerability because it fails to properly validate connections. \nSuccessfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. Apple iOS, Apple TV and Apple OS X are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; Apple TV is a high-definition TV set-top box product; Apple OS X is a dedicated operating system developed for Mac computers. There is a security vulnerability in the \u0027SSLVerifySignedServerKeyExchange\u0027 function in the libsecurity_ssl/lib/sslKeyExchange.c file of the Secure Transport function of the Data Security component in Apple iOS. An attacker in a privileged network position could potentially capture or modify data in an SSL/TLS-protected session. The following versions are affected: Apple iOS 6.x prior to 6.1.6 and 7.x prior to 7.0.6, Apple TV 6.x prior to 6.0.2, Apple OS X 10.9.x prior to 10.9.2 Version. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2014-02-21-2 iOS 7.0.6\n\niOS 7.0.6 is now available and addresses the following:\n\nData Security\nAvailable for: iPhone 4 and later, iPod touch (5th generation),\niPad 2 and later\nImpact: An attacker with a privileged network position may capture\nor modify data in sessions protected by SSL/TLS\nDescription: Secure Transport failed to validate the authenticity of\nthe connection. This issue was addressed by restoring missing\nvalidation steps. \nCVE-ID\nCVE-2014-1266\n\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \n\nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n\n* Navigate to Settings\n* Select General\n* Select About. The version after applying this update\nwill be \"7.0.6\". \n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.22 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQIcBAEBAgAGBQJTBpN9AAoJEPefwLHPlZEwFpYP/2Ac20hocp3/xWv08EFmpZpl\nT52aoGMpJxZFRh307mS76jNXDZ2KodcBboESKbYE8PxMK9DkAtqEbSQjMa9cUK3+\n3iUhqNnFm7YrG8+8JVoZ58Jxiq9zEmKGVEf+s4o1F1ORJPAQRDROiC5MBru1UOAb\n/sXZeX1Awr81RJeu4f8A9Qddu6AEICr2sYRlWQA8wa24Y2qswrOvqvFRSK4WnB8L\n6sqe6JL0C59GhjRh11WsObMQN+vbBcVty7q4e0WfuLNt0LP8yZBC2XruAx0Q2v1k\nt5JA6keq7zwAzE+zO4qjYXGTVePyPe7vJx00ndjvTjAI7iXrcRgNxUuH5BAj7O7h\nagzSWNKvaUYynJd2oiv5onN7kh+3UbexiXIKOc5ZgOpVk7fgLCnN9UcPuxpGjF5u\nRODQM5LtAYEdmzs4Ws711Gu+k0OT3QTWXWu9/k6Yp2DKwCjDp9gzM/EhT5T7PqCL\nKM8gnGOiTJh0vUmdI94huF987heNBzoRId/wdip/e2iXKTGB3Z8AipmDi72v63FB\nseh7rZWOgxZ+9YSCyXFl4FfcZDBSEhERzw2C8OXP2iXBzspM3LsqlqBbbyTB/bRm\nlOSrP8nxkf0Fw8ehqs52wxfjenk2hvnkHddE4HU3DuvoK4M9hZ98sLppHxoxw7Lp\naMn7lqBBT+6V5+uaVkA8\n=klGW\n-----END PGP SIGNATURE-----\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1266"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001444"
},
{
"db": "BID",
"id": "65738"
},
{
"db": "VULHUB",
"id": "VHN-69205"
},
{
"db": "VULMON",
"id": "CVE-2014-1266"
},
{
"db": "PACKETSTORM",
"id": "125371"
},
{
"db": "PACKETSTORM",
"id": "125347"
},
{
"db": "PACKETSTORM",
"id": "125370"
}
],
"trust": 2.34
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-69205",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69205"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-1266",
"trust": 4.0
},
{
"db": "JVN",
"id": "JVNVU95868425",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001444",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201402-306",
"trust": 0.7
},
{
"db": "BID",
"id": "65738",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "125347",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "125371",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "125370",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-69205",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-1266",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69205"
},
{
"db": "VULMON",
"id": "CVE-2014-1266"
},
{
"db": "BID",
"id": "65738"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001444"
},
{
"db": "PACKETSTORM",
"id": "125371"
},
{
"db": "PACKETSTORM",
"id": "125347"
},
{
"db": "PACKETSTORM",
"id": "125370"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-306"
},
{
"db": "NVD",
"id": "CVE-2014-1266"
}
]
},
"id": "VAR-201402-0405",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-69205"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T20:52:46.382000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT6150",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2014/Feb/msg00000.html"
},
{
"title": "OSXUpd10.9.2",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48233"
},
{
"title": "apple-tv-video-converter",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48232"
},
{
"title": "iPhone4,1_7.0.6_11B651_Restore",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48231"
},
{
"title": "iPhone2,1_6.1.6_10B500_Restore",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48230"
},
{
"title": "OS X/iOS SSL Flaw POC",
"trust": 0.1,
"url": "https://github.com/gabrielg/CVE-2014-1266-poc "
},
{
"title": "SSL Patch (CVE-2014-1266)",
"trust": 0.1,
"url": "https://github.com/linusyang/SSLPatch "
},
{
"title": "Reverse-Engineering-toolkit\nDirectory\nIDA\nGhidra\nx64dbg\nOllyDbg\nWinDBG\nAndroid\nApple\u0026\u0026iOS\u0026\u0026iXxx\nCuckoo\nDBI",
"trust": 0.1,
"url": "https://github.com/geeksniper/reverse-engineering-toolkit "
},
{
"title": "TOP\nTable of Contents\nDonation",
"trust": 0.1,
"url": "https://github.com/JERRY123S/all-poc "
},
{
"title": "Table of Contents",
"trust": 0.1,
"url": "https://github.com/CVEDB/top "
},
{
"title": "Table of Contents",
"trust": 0.1,
"url": "https://github.com/CVEDB/awesome-cve-repo "
},
{
"title": "TOP\nTable of Contents\nDonation",
"trust": 0.1,
"url": "https://github.com/hktalent/TOP "
},
{
"title": "TOP\nTable of Contents\nDonation",
"trust": 0.1,
"url": "https://github.com/cyberanand1337x/bug-bounty-2022 "
},
{
"title": "TOP\nTable of Contents\nDonation",
"trust": 0.1,
"url": "https://github.com/weeka10/-hktalent-TOP "
},
{
"title": "The Register",
"trust": 0.1,
"url": "https://www.theregister.co.uk/2014/02/21/apple_patches_ios_ssl_vulnerability/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-1266"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001444"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-306"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.0
},
{
"problemtype": "Illegal certificate verification (CWE-295) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": "CWE-20",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69205"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001444"
},
{
"db": "NVD",
"id": "CVE-2014-1266"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://news.ycombinator.com/item?id=7281378"
},
{
"trust": 2.5,
"url": "http://it.slashdot.org/comments.pl?sid=4821073\u0026cid=46310187"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht6146"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht6147"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht6148"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht6150"
},
{
"trust": 1.8,
"url": "https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-23.html"
},
{
"trust": 1.8,
"url": "https://www.cs.columbia.edu/~smb/blog/2014-02/2014-02-24.html"
},
{
"trust": 1.8,
"url": "https://www.imperialviolet.org/2014/02/22/applebug.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95868425/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1266"
},
{
"trust": 0.3,
"url": "http://www.apple.com/ios/"
},
{
"trust": 0.3,
"url": "http://www.apple.com/appletv/features.html"
},
{
"trust": 0.3,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1266"
},
{
"trust": 0.3,
"url": "http://gpgtools.org"
},
{
"trust": 0.3,
"url": "http://support.apple.com/kb/ht1222"
},
{
"trust": 0.2,
"url": "https://www.apple.com/itunes/"
},
{
"trust": 0.1,
"url": "http://it.slashdot.org/comments.pl?sid=4821073\u0026amp;cid=46310187"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/295.html"
},
{
"trust": 0.1,
"url": "https://github.com/gabrielg/cve-2014-1266-poc"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69205"
},
{
"db": "VULMON",
"id": "CVE-2014-1266"
},
{
"db": "BID",
"id": "65738"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001444"
},
{
"db": "PACKETSTORM",
"id": "125371"
},
{
"db": "PACKETSTORM",
"id": "125347"
},
{
"db": "PACKETSTORM",
"id": "125370"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-306"
},
{
"db": "NVD",
"id": "CVE-2014-1266"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-69205"
},
{
"db": "VULMON",
"id": "CVE-2014-1266"
},
{
"db": "BID",
"id": "65738"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001444"
},
{
"db": "PACKETSTORM",
"id": "125371"
},
{
"db": "PACKETSTORM",
"id": "125347"
},
{
"db": "PACKETSTORM",
"id": "125370"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-306"
},
{
"db": "NVD",
"id": "CVE-2014-1266"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-02-22T00:00:00",
"db": "VULHUB",
"id": "VHN-69205"
},
{
"date": "2014-02-22T00:00:00",
"db": "VULMON",
"id": "CVE-2014-1266"
},
{
"date": "2014-02-21T00:00:00",
"db": "BID",
"id": "65738"
},
{
"date": "2014-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001444"
},
{
"date": "2014-02-24T16:22:22",
"db": "PACKETSTORM",
"id": "125371"
},
{
"date": "2014-02-22T03:01:11",
"db": "PACKETSTORM",
"id": "125347"
},
{
"date": "2014-02-24T17:22:22",
"db": "PACKETSTORM",
"id": "125370"
},
{
"date": "2014-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-306"
},
{
"date": "2014-02-22T17:05:21.767000",
"db": "NVD",
"id": "CVE-2014-1266"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-69205"
},
{
"date": "2024-02-09T00:00:00",
"db": "VULMON",
"id": "CVE-2014-1266"
},
{
"date": "2014-02-21T00:00:00",
"db": "BID",
"id": "65738"
},
{
"date": "2024-03-01T02:16:00",
"db": "JVNDB",
"id": "JVNDB-2014-001444"
},
{
"date": "2019-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-306"
},
{
"date": "2024-11-21T02:03:57.450000",
"db": "NVD",
"id": "CVE-2014-1266"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201402-306"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0Apple\u00a0 of the product \u00a0Data\u00a0Security\u00a0 of the component \u00a0Secure\u00a0Transport\u00a0 in function \u00a0SSL\u00a0 Server spoofing vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001444"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201402-306"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…