Summary
This host has Apple iTunes installed and is prone to a security bypass vulnerability.
Impact
Successful exploitation may allow an attacker to perform man-in-the-middle attacks and obtain sensitive information.
Impact Level: Application.
Solution
Upgrade to version 11.1.4 or later.
For updates, refer to http://www.apple.com/itunes/download
Insight
The flaw exists because the iTunes Tutorials window uses a non-secure HTTP connection to retrieve content.
Affected
Apple iTunes before 11.1.4 on Windows
Detection
Get the installed version of Apple iTunes and check whether that version is vulnerable.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2014-1242
- CVSS Base Score: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Related Vulnerabilities
- Apple Safari Webcore Webkit 'XSSAuditor.cpp' XSS Vulnerability (Windows)
- Active Perl CGI.pm 'Set-Cookie' and 'P3P' HTTP Header Injection Vulnerability (Win)
- Apache Traffic Server Remote DNS Cache Poisoning Vulnerability
- Apache /server-info accessible
- Apple Safari 'Webkit' Multiple Vulnerabilities-01 Mar14 (Mac OS X)