[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-1406Date: (C)2010-06-11   (M)2024-02-09


WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging, a related issue to CVE-2010-0660.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1024067
SECUNIA-40105
BID-40620
SECUNIA-41856
SECUNIA-43068
ADV-2010-1373
ADV-2010-2722
ADV-2011-0212
ADV-2011-0552
APPLE-SA-2010-06-07-1
APPLE-SA-2010-06-21-1
MDVSA-2011:039
SUSE-SR:2011:002
USN-1006-1
http://support.apple.com/kb/HT4196
http://support.apple.com/kb/HT4225
oval:org.mitre.oval:def:7197

CPE    66
cpe:/o:apple:mac_os_x_server:10.5.6
cpe:/o:apple:mac_os_x:10.4.9
cpe:/o:apple:mac_os_x_server:10.5.5
cpe:/o:apple:mac_os_x:10.4.8
...
CWE    1
CWE-200
OVAL    4
oval:org.mitre.oval:def:7197
oval:org.secpod.oval:def:4277
oval:org.secpod.oval:def:4271
oval:org.secpod.oval:def:300417
...

© SecPod Technologies