5

CVE-2014-4374

NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApplemacOS X Version <= 10.9.4
AppleiPhone OS Version <= 7.1.2
AppleiPhone OS Version7.0
AppleiPhone OS Version7.0.1
AppleiPhone OS Version7.0.2
AppleiPhone OS Version7.0.3
AppleiPhone OS Version7.0.4
AppleiPhone OS Version7.0.5
AppleiPhone OS Version7.0.6
AppleiPhone OS Version7.1
AppleiPhone OS Version7.1.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.19% 0.801
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://archives.neohapsis.com/archives/bugtraq/2014-09/0106.html
Vendor Advisory
http://support.apple.com/kb/HT6441
http://support.apple.com/kb/HT6443
Vendor Advisory
http://www.securityfocus.com/bid/69882
http://www.securitytracker.com/id/1030866
http://www.securityfocus.com/bid/69905
https://exchange.xforce.ibmcloud.com/vulnerabilities/96077