What is the severity of CVE-2011-3246?

CVE-2011-3246 has been rated as having moderate severity due to the potential for remote attackers to manipulate URL parsing.

How do I fix CVE-2011-3246?

To mitigate CVE-2011-3246, ensure your Apple iOS device or Mac OS X is updated to versions 5.0.1 or 10.7.2 or later, respectively.

What systems are affected by CVE-2011-3246?

CVE-2011-3246 affects Apple iOS versions prior to 5.0.1 and Mac OS X versions prior to 10.7.2.

What is the impact of CVE-2011-3246?

CVE-2011-3246 can lead to users being redirected to unintended websites and the transmission of cookies to malicious sites.

Can I be attacked if I am using a patched version regarding CVE-2011-3246?

If you are using a patched version of iOS or Mac OS X that addresses CVE-2011-3246, the vulnerability should not affect you.

Vulnerability/
CVE-2011-3246

medium

CWE

200

14/10/2011

6/8/2024

CVE-2011-3246: Infoleak

First published: Fri Oct 14 2011(Updated: )

CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 does not properly parse URLs, which allows remote attackers to trigger visits to unintended web sites, and transmission of cookies to unintended web sites, via a crafted (1) http or (2) https URL.

Credit: product-security@apple.com

Affected Software	Affected Version	How to fix
Apple Mac OS X Server	=10.7.1
Apple Mac OS X Server	=10.7.0
macOS Yosemite	=10.7.0
macOS Yosemite	=10.7.1
Apple iPhone OS	=4.0
Apple iPhone OS	=4.3.2
Apple iPhone OS	=4.0.2
Apple iPhone OS	=4.0.1
Apple iPhone OS	=3.2
Apple iPhone OS	=4.2.8
Apple iPhone OS	=4.1
Apple iPhone OS	=3.1.2
Apple iPhone OS	=4.3.5
Apple iPhone OS	=3.1.3
Apple iPhone OS	=4.3.1
Apple iPhone OS	=4.2.5
Apple iPhone OS	=3.2.1
Apple iPhone OS	=3.1
Apple iPhone OS	=4.3.5
Apple iPhone OS	=3.1
Apple iPhone OS	=3.2
Apple iPhone OS	=4.3.5
Apple iPhone OS	=4.2.1
Apple iPhone OS	=3.0
Apple iPhone OS	=4.0.1
Apple iPhone OS	=4.3.3
Apple iPhone OS	=4.0.1
Apple iPhone OS	=4.0
Apple iPhone OS	=3.1
Apple iPhone OS	=4.0
Apple iPhone OS	=4.3.0
Apple iPhone OS	=3.2.1
Apple iPhone OS	=3.2.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2011-3246?
CVE-2011-3246 has been rated as having moderate severity due to the potential for remote attackers to manipulate URL parsing.
How do I fix CVE-2011-3246?
To mitigate CVE-2011-3246, ensure your Apple iOS device or Mac OS X is updated to versions 5.0.1 or 10.7.2 or later, respectively.
What systems are affected by CVE-2011-3246?
CVE-2011-3246 affects Apple iOS versions prior to 5.0.1 and Mac OS X versions prior to 10.7.2.
What is the impact of CVE-2011-3246?
CVE-2011-3246 can lead to users being redirected to unintended websites and the transmission of cookies to malicious sites.
Can I be attacked if I am using a patched version regarding CVE-2011-3246?
If you are using a patched version of iOS or Mac OS X that addresses CVE-2011-3246, the vulnerability should not affect you.

agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/severity
agent/references
agent/last-modified-date
agent/weakness
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
agent/softwarecombine
vendor/apple
canonical/apple mac os x server
version/apple mac os x server/10.7.1
version/apple mac os x server/10.7.0
canonical/macos yosemite
version/macos yosemite/10.7.0
version/macos yosemite/10.7.1
canonical/apple iphone os
version/apple iphone os/4.0
version/apple iphone os/4.3.2
version/apple iphone os/4.0.2
version/apple iphone os/4.0.1
version/apple iphone os/3.2
version/apple iphone os/4.2.8
version/apple iphone os/4.1
version/apple iphone os/3.1.2
version/apple iphone os/4.3.5
version/apple iphone os/3.1.3
version/apple iphone os/4.3.1
version/apple iphone os/4.2.5
version/apple iphone os/3.2.1
version/apple iphone os/3.1
version/apple iphone os/4.2.1
version/apple iphone os/3.0
version/apple iphone os/4.3.3
version/apple iphone os/4.3.0
version/apple iphone os/3.2.2