Same Origin Policy bypass vulnerability in Apple Mac OS X via a crafted web site
ID: oval:org.secpod.oval:def:24438 | Date: (C)2015-05-27 (M)2022-11-10 |
Class: VULNERABILITY | Family: macos |
The host is installed with Apple Mac OS X or Server 10.10.x through 10.10.2 and is prone to a same origin policy bypass vulnerability. A flaw is present in the application, which fails to properly handle request headers during processing of redirects in HTTP responses. Successful exploitation allows attackers to bypass the Same Origin Policy via a crafted web site.
Platform: |
Apple Mac OS X 10.10 |
Apple Mac OS X Server 10.10 |