5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.003 Low
EPSS
Percentile
70.1%
There is a vulnerability in the way Safari handles form data that may expose sensitive information when the forward/backward buttons are used.
Apple Safari is a web browser available for the Mac OS X operating system. A vulnerability exists in the way Safari handles web form data. When a web form is submitted to a server using the POST method
and the server returns an HTTP redirect
to a GET method
URL, Safari may re-POST that data to the GET method
URL. It has been reported that this condition occurs when the forward/backward buttons are used. No further information was provided on this vulnerability.
A user’s form data could be disclosed to a remote server.
Apple has released a patch to address this vulnerability. For further details, please see the Apple Security Advisory (Security Updates for Mac OS X 10.3.5).
128414
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: August 16, 2004
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please refer to Apple’s security updates for Mac OS X 10.3.5.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23128414 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was reported by Apple. In turn, Apple credits Rick Osterberg of Harvard University for reporting this issue.
This document was written by Damon Morda.
CVE IDs: | CVE-2004-0743 |
---|---|
Severity Metric: | 1.45 Date Public: |