The Page Loading implementation in WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles HTTP responses with a 3xx (aka redirection) status code, which allows remote attackers to spoof the displayed URL, bypass the Same Origin Policy, and obtain sensitive cached information via a crafted web site.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apple
Published: 2016-03-24T01:00:00
Updated: 2024-08-05T23:10:39.313Z
Reserved: 2016-01-13T00:00:00
Link: CVE-2016-1786
Vulnrichment
No data.
NVD
Status : Modified
Published: 2016-03-24T01:59:53.330
Modified: 2018-10-09T19:59:23.973
Link: CVE-2016-1786
Redhat
No data.