VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis



 
Vulnerability Analysis Result (Revision No : 1)
CVE-2010-1406
safari, webkit: WebKit in Apple Safari before 5.0 on Mac OS X 10.5 ...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1406

Original

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging, a related issue to CVE-2010-0660.






About This Analysis Information
Analysis Information Provider: NIST NVD
First Published: 2010-06-11
Source Information Category: Advisory, Alert
Last Updated: 2010-06-14




Affected Product Tags
cpe:/a:apple:safari:4.0
cpe:/a:apple:safari:4.0.0b
cpe:/a:apple:safari:4.0.1
cpe:/a:apple:safari:4.0.2
cpe:/a:apple:safari:4.0.3
cpe:/a:apple:safari:4.0.4
cpe:/a:apple:safari:4.0.5 and previous versions
cpe:/a:apple:webkit
cpe:/o:apple:mac_os_x:10.4
cpe:/o:apple:mac_os_x:10.4.0
cpe:/o:apple:mac_os_x:10.4.1
cpe:/o:apple:mac_os_x:10.4.10
cpe:/o:apple:mac_os_x:10.4.11
cpe:/o:apple:mac_os_x:10.4.2
cpe:/o:apple:mac_os_x:10.4.3
cpe:/o:apple:mac_os_x:10.4.4
cpe:/o:apple:mac_os_x:10.4.5
cpe:/o:apple:mac_os_x:10.4.6
cpe:/o:apple:mac_os_x:10.4.7
cpe:/o:apple:mac_os_x:10.4.8
cpe:/o:apple:mac_os_x:10.4.9
cpe:/o:apple:mac_os_x:10.5
cpe:/o:apple:mac_os_x:10.5.0
cpe:/o:apple:mac_os_x:10.5.1
cpe:/o:apple:mac_os_x:10.5.2
cpe:/o:apple:mac_os_x:10.5.3
cpe:/o:apple:mac_os_x:10.5.4
cpe:/o:apple:mac_os_x:10.5.5
cpe:/o:apple:mac_os_x:10.5.6
cpe:/o:apple:mac_os_x:10.5.7
cpe:/o:apple:mac_os_x:10.5.8
cpe:/o:apple:mac_os_x:10.6.0
cpe:/o:apple:mac_os_x:10.6.1
cpe:/o:apple:mac_os_x:10.6.2
cpe:/o:apple:mac_os_x:10.6.3
cpe:/o:apple:mac_os_x_server:10.4
cpe:/o:apple:mac_os_x_server:10.4.0
cpe:/o:apple:mac_os_x_server:10.4.1
cpe:/o:apple:mac_os_x_server:10.4.10
cpe:/o:apple:mac_os_x_server:10.4.11
cpe:/o:apple:mac_os_x_server:10.4.2
cpe:/o:apple:mac_os_x_server:10.4.3
cpe:/o:apple:mac_os_x_server:10.4.4
cpe:/o:apple:mac_os_x_server:10.4.5
cpe:/o:apple:mac_os_x_server:10.4.6
cpe:/o:apple:mac_os_x_server:10.4.7
cpe:/o:apple:mac_os_x_server:10.4.8
cpe:/o:apple:mac_os_x_server:10.4.9
cpe:/o:apple:mac_os_x_server:10.5
cpe:/o:apple:mac_os_x_server:10.5.0
cpe:/o:apple:mac_os_x_server:10.5.1
cpe:/o:apple:mac_os_x_server:10.5.2
cpe:/o:apple:mac_os_x_server:10.5.3
cpe:/o:apple:mac_os_x_server:10.5.4
cpe:/o:apple:mac_os_x_server:10.5.5
cpe:/o:apple:mac_os_x_server:10.5.6
cpe:/o:apple:mac_os_x_server:10.5.7
cpe:/o:apple:mac_os_x_server:10.5.8
cpe:/o:apple:mac_os_x_server:10.6.0
cpe:/o:apple:mac_os_x_server:10.6.1
cpe:/o:apple:mac_os_x_server:10.6.2
cpe:/o:apple:mac_os_x_server:10.6.3
cpe:/o:microsoft:windows_7
cpe:/o:microsoft:windows_vista
cpe:/o:microsoft:windows_xp::sp2
cpe:/o:microsoft:windows_xp::sp3
 


Vulnerability Analysis Results
[Access Vector]
Undefined
Local
Adjacent Network
X Network

[Access Complexity]
Undefined
High
X Medium
Low

[Authentication]
Undefined
Multiple
Single
X None

[Confidentiality Impact]
Undefined
None
X Partial
Complete

[Integrity Impact]
Undefined
X None
Partial
Complete

[Availability Impact]
Undefined
X None
Partial
Complete

Alternatives




References
APPLE APPLE-SA-2010-06-07-1
BID 40620
CONFIRM http://support.apple.com/kb/HT4196
SECTRACK 1024067
SECUNIA 40105
VUPEN ADV-2010-1373

Vulnerability Type: Information Leak / Disclosure (CWE-200)





Copyright © 2010 JPCERT/CC All Rights Reserved.