CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2013-3948

Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger installation of arbitrary applications via a download-manifest itms-services:// URL that leverages an open redirect vulnerability within a trusted domain.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 50.8%

CVSS Severity

CVSS v2 Score 4.3

References

http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf
http://support.apple.com/kb/HT6162
http://www.syscan.org/index.php/sg/program/day/2
http://antid0te.com/syscan_2013/SyScan2013_Mountain_Lion_iOS_Vulnerabilities_Garage_Sale_Whitepaper.pdf
http://support.apple.com/kb/HT6162
http://www.syscan.org/index.php/sg/program/day/2

Products affected by CVE-2013-3948

Apple » Iphone Os » Version: 6.1.3

cpe:2.3:o:apple:iphone_os:6.1.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-3948

Products

Pricing

Contact Us