Information disclosure vulnerability in Apple related to HTTP authentication (Mac OS)ID: oval:org.secpod.oval:def:4822 | Date: (C)2012-03-21 (M)2023-11-18 |
Class: VULNERABILITY | Family: macos |
The host is installed with Apple Safari before 5.1.4 and is prone to information disclosure vulnerability. A flaw is present in the application, which fails to properly handle redirects in conjunction with HTTP authentication. Successful exploitation allows remote web servers to capture credentials by logging the Authorization HTTP header.
Platform: |
Apple Mac OS X 10.8 |
Apple Mac OS X 10.9 |
Apple Mac OS X 10.10 |
Apple Mac OS X Server 10.8 |
Apple Mac OS X Server 10.9 |
Apple Mac OS X Server 10.10 |