CVE-2010-1940 - Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header appropriate for one web site t

CVE-2010-1940

Summary

Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header appropriate for one web site to a different web site named in a Location header received from the first site, which allows remote web servers to obtain sensitive information by logging HTTP requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

References

Vulnerable Configurations

cpe:2.3:a:apple:safari:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:4.0.5:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 17-08-2017 - 01:32)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:N/A:N

refmap via4

secunia	39670
xf	safari-http-request-information-disclosure(58620)

Last major update

17-08-2017 - 01:32

Published

14-05-2010 - 20:30

Last modified

17-08-2017 - 01:32