CVE-2010-0044

2010-03-1513:28:00

CWE-16

[email protected]

web.nvd.nist.gov

cve-2010-0044

pubsub

apple safari

cookie tracking

rss

atom

nvd

6.1 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

73.4%

JSON

PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed.

CPENameOperatorVersion
apple:safariapple safarieq4.0.2
apple:safariapple safarieq4.0.1
apple:safariapple safarile4.0.4
apple:safariapple safarieq4.0.3
apple:safariapple safarieq4.0
apple:safariapple safarieq4.0.0b

CPE	Name	Operator	Version
apple:safari	apple safari	eq	4.0.2
apple:safari	apple safari	eq	4.0.1
apple:safari	apple safari	le	4.0.4
apple:safari	apple safari	eq	4.0.3
apple:safari	apple safari	eq	4.0
apple:safari	apple safari	eq	4.0.0b