CVE-2014-1345

WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2014-06/0171.html
http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html
http://secunia.com/advisories/59481
http://www.securityfocus.com/bid/68276
http://www.securitytracker.com/id/1030495

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:a:apple:safari:6.0:::::::*
	cpe:2.3:a:apple:safari:6.0.1:::::::*
	cpe:2.3:a:apple:safari:6.0.2:::::::*
	cpe:2.3:a:apple:safari:6.0.3:::::::*
	cpe:2.3:a:apple:safari:6.0.4:::::::*
	cpe:2.3:a:apple:safari:6.0.5:::::::*
	cpe:2.3:a:apple:safari:6.1:::::::*
	cpe:2.3:a:apple:safari:6.1.1:::::::*
	cpe:2.3:a:apple:safari:6.1.2:::::::*
	cpe:2.3:a:apple:safari:6.1.3:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:apple:safari:7.0:::::::*
	cpe:2.3:a:apple:safari:7.0.1:::::::*
	cpe:2.3:a:apple:safari:7.0.2:::::::*
	cpe:2.3:a:apple:safari:7.0.3:::::::*
	cpe:2.3:a:apple:safari:7.0.4:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:iphone_os:7.0:::::::*
	cpe:2.3:o:apple:iphone_os:7.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:7.0.2:::::::*
	cpe:2.3:o:apple:iphone_os:7.0.3:::::::*
	cpe:2.3:o:apple:iphone_os:7.0.4:::::::*
	cpe:2.3:o:apple:iphone_os:7.0.5:::::::*
	cpe:2.3:o:apple:iphone_os:7.0.6:::::::*
	cpe:2.3:o:apple:iphone_os:7.1:::::::*

History

No history.

Information

Published : 2014-07-01 10:17

Updated : 2017-01-07 02:59

NVD link : CVE-2014-1345

Mitre link : CVE-2014-1345

CVE.ORG link : CVE-2014-1345

JSON object : View

Products Affected

apple

safari
iphone_os

CWE

NVD-CWE-Other

{"id": "CVE-2014-1345", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-07-01T10:17:25.847", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0171.html", "source": "product-security@apple.com"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html", "source": "product-security@apple.com"}, {"url": "http://secunia.com/advisories/59481", "source": "product-security@apple.com"}, {"url": "http://www.securityfocus.com/bid/68276", "source": "product-security@apple.com"}, {"url": "http://www.securitytracker.com/id/1030495", "source": "product-security@apple.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site."}, {"lang": "es", "value": "WebKit en Apple iOS anterior a 7.1.2 y Apple Safari anterior a 6.1.5 y 7.x anterior a 7.0.5 no codifica debidamente nombres de dominios en URLs, lo que permite a atacantes remotos falsificar la barra de direcciones a trav\u00e9s de un sitio web manipulado."}], "lastModified": "2017-01-07T02:59:35.610", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36947A2E-93EB-4A44-BFF6-9D9F414D9BB3", "versionEndIncluding": "6.1.4"}, {"criteria": "cpe:2.3:a:apple:safari:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BA4B009-6BF2-4174-A05C-77B75C45377C"}, {"criteria": "cpe:2.3:a:apple:safari:6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "136A760D-2873-4216-AB60-E3D93DE82BCF"}, {"criteria": "cpe:2.3:a:apple:safari:6.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFF3DFE0-2587-4E91-ACC2-45E9B51EF4C4"}, {"criteria": "cpe:2.3:a:apple:safari:6.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "076B9C00-EFB0-4284-A617-FAEE341F80FB"}, {"criteria": "cpe:2.3:a:apple:safari:6.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8851ED07-715F-4F6A-AE29-FA95D069F972"}, {"criteria": "cpe:2.3:a:apple:safari:6.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65EBA204-5E12-429A-9414-400CBAA0BA89"}, {"criteria": "cpe:2.3:a:apple:safari:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A600193-92E3-4A31-824D-94BC87E513B2"}, {"criteria": "cpe:2.3:a:apple:safari:6.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74543772-8C0C-4055-BC1E-D7EAA8A55B51"}, {"criteria": "cpe:2.3:a:apple:safari:6.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77462FFC-4F46-4DE4-BE90-78457B7B4FD7"}, {"criteria": "cpe:2.3:a:apple:safari:6.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F51B6FF0-D566-4348-8A6D-4F13615D5C49"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88D46FE5-10D2-44A0-ACAE-CEED8BD0C30C"}, {"criteria": "cpe:2.3:a:apple:safari:7.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "391B4255-4434-4EB3-929B-3E593D9CD249"}, {"criteria": "cpe:2.3:a:apple:safari:7.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40B87D10-55B3-42E7-8FF6-93EDF003337D"}, {"criteria": "cpe:2.3:a:apple:safari:7.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D4EBCD8-9DD5-468E-8B5B-49E38FEBCEC2"}, {"criteria": "cpe:2.3:a:apple:safari:7.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B8C7AEC-F54A-4843-A0EA-C7DD847BEF5B"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8E92C81-A564-4B9A-A263-8C0CF7844D32", "versionEndIncluding": "7.1.1"}, {"criteria": "cpe:2.3:o:apple:iphone_os:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07A11433-B725-4BD6-B998-4B3637F061EC"}, {"criteria": "cpe:2.3:o:apple:iphone_os:7.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FD62141-07B1-4E3D-80BC-25D519F90DBD"}, {"criteria": "cpe:2.3:o:apple:iphone_os:7.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9737BD4-B4F4-4291-A1E9-B692ECBC657E"}, {"criteria": "cpe:2.3:o:apple:iphone_os:7.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6160869-944D-4E34-BB81-6A1259D692B1"}, {"criteria": "cpe:2.3:o:apple:iphone_os:7.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "090CAC3C-4B20-46E5-A8C7-950B7E1DB5E9"}, {"criteria": "cpe:2.3:o:apple:iphone_os:7.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E96F77DD-0962-4E55-97A2-9BC2FE01D8A8"}, {"criteria": "cpe:2.3:o:apple:iphone_os:7.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BD9ACBF-34A4-4181-A6E0-78ABD4FC9ACB"}, {"criteria": "cpe:2.3:o:apple:iphone_os:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EDF40E86-E5D2-4D66-B296-ADFA78B42113"}], "operator": "OR"}]}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/172.html\n\n\"CWE-172: Encoding Error\"", "sourceIdentifier": "product-security@apple.com"}