Summary
This host has Apple iTunes installed and is prone to a security bypass vulnerability.
Impact
Successful exploitation may allow an attacker to perform man-in-the-middle attacks and obtain sensitive information.
Impact Level: Application.
Solution
Upgrade to version 11.1.4 or later.
For updates, refer to http://www.apple.com/itunes/download
Insight
The flaw exists because the iTunes Tutorials window uses a non-secure HTTP connection to retrieve content.
Affected
Apple iTunes before 11.1.4 on Windows
Detection
Get the installed version of Apple iTunes and check whether that version is vulnerable.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2014-1242
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:N/I:P/A:P
Related Vulnerabilities
- Active Perl CGI.pm 'Set-Cookie' and 'P3P' HTTP Header Injection Vulnerability (Win)
- Apple Safari Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Mac OS X)
- APC PowerChute Business Edition Unspecified Cross Site Scripting Vulnerability
- Adobe Flash Player Unspecified Cross-Site Scripting Vulnerability June-2011 (Linux)
- Arora Common Name SSL Certificate Spoofing Vulnerability (Linux)