Showing 1 - 3 of 3

CVE-2014-4374

Status Candidate

Overview

NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Related Files

Apple Security Advisory 2014-09-17-3: Posted Sep 19, 2014; Authored by Apple | Site apple.com; Apple Security Advisory 2014-09-17-3 - OS X Mavericks 10.9.5 and Security Update 2014-004 are now available and address PHP code execution, Bluetooth API validation, PDF handling, and various other vulnerabilities.; tags | advisory, php, vulnerability, code execution; systems | apple, osx; advisories | CVE-2013-7345, CVE-2014-0076, CVE-2014-0185, CVE-2014-0195, CVE-2014-0207, CVE-2014-0221, CVE-2014-0224, CVE-2014-0237, CVE-2014-0238, CVE-2014-1391, CVE-2014-1943, CVE-2014-2270, CVE-2014-2525, CVE-2014-3470, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-3981, CVE-2014-4049, CVE-2014-4350, CVE-2014-4374, CVE-2014-4376, CVE-2014-4377, CVE-2014-4378, CVE-2014-4379, CVE-2014-4381; SHA-256 | 4e7c77251432e1559177fbfc860df8439663744f27a763ac3194f1ebdf0e44e0; Download | Favorite | View

Apple Foundation NSXMLParser XML eXternal Entity (XXE): Posted Sep 18, 2014; Authored by George D. Gal | Site vsecurity.com; In May 2014, VSR identified a vulnerability in versions 7.0 and 7.1 of the iOS SDK whereby the NSXMLParser class, resolves XML External Entities by default despite documentation which indicates otherwise. In addition, settings to change the behavior of XML External Entity resolution appears to be non-functional. This vulnerability, commonly known as XXE (XML eXternal Entities) attacks could allow for an attacker's ability to use the XML parser to carry out attacks ranging from network port scanning, information disclosure, denial of service, and potentially to carry out remote file retrieval. Further review also revealed that the Foundation Framework used in OS X 10.9.x is also vulnerable.; tags | advisory, remote, denial of service, info disclosure, xxe; systems | apple, osx; advisories | CVE-2014-4374; SHA-256 | af1807dc188fc9b6e13cebb3ebe39700f51b071e81849be0f02375f2c6778418; Download | Favorite | View

Apple Security Advisory 2014-09-17-1: Posted Sep 17, 2014; Authored by Apple | Site apple.com; Apple Security Advisory 2014-09-17-1 - iOS 8 is now available and addresses wifi credential interception, identifier disclosure, path traversal, and various other vulnerabilities.; tags | advisory, vulnerability; systems | apple; advisories | CVE-2011-2391, CVE-2013-5227, CVE-2013-6663, CVE-2013-6835, CVE-2014-1348, CVE-2014-1360, CVE-2014-1384, CVE-2014-1385, CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-4352, CVE-2014-4353, CVE-2014-4354, CVE-2014-4356, CVE-2014-4357, CVE-2014-4361, CVE-2014-4362, CVE-2014-4363, CVE-2014-4364, CVE-2014-4366, CVE-2014-4367, CVE-2014-4368, CVE-2014-4369, CVE-2014-4371, CVE-2014-4372, CVE-2014-4373, CVE-2014-4374; SHA-256 | 9aea82d38a9a0bbd2a4dc19603d0bb6cbf3c4bc828f5ec2b4416c139ceb66db7; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 323 files
Ubuntu 71 files
Debian 21 files
LiquidWorm 12 files
Gentoo 8 files
Apple 6 files
Google Security Research 4 files
Spencer McIntyre 3 files
Jann Horn 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

CVE-2014-4374

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems