Lucene search

[email protected]CVE-2010-1406

HistoryJun 11, 2010 - 6:00 p.m.

CVE-2010-1406

2010-06-1118:00:37

CWE-200

[email protected]

web.nvd.nist.gov

apple safari

webkit

cve-2010

security

vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

8.2 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.1%

JSON

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging, a related issue to CVE-2010-0660.

Affected configurations

NVD

Node

applesafariRange≤4.0.5

applesafariMatch4.0

applesafariMatch4.0.0b

applesafariMatch4.0.1

applesafariMatch4.0.2

applesafariMatch4.0.3

applesafariMatch4.0.4

applewebkit

AND

applemac_os_xMatch10.5

applemac_os_xMatch10.5.0

applemac_os_xMatch10.5.1

applemac_os_xMatch10.5.2

applemac_os_xMatch10.5.3

applemac_os_xMatch10.5.4

applemac_os_xMatch10.5.5

applemac_os_xMatch10.5.6

applemac_os_xMatch10.5.7

applemac_os_xMatch10.5.8

applemac_os_xMatch10.6.0

applemac_os_xMatch10.6.1

applemac_os_xMatch10.6.2

applemac_os_xMatch10.6.3

applemac_os_x_serverMatch10.5

applemac_os_x_serverMatch10.5.0

applemac_os_x_serverMatch10.5.1

applemac_os_x_serverMatch10.5.2

applemac_os_x_serverMatch10.5.3

applemac_os_x_serverMatch10.5.4

applemac_os_x_serverMatch10.5.5

applemac_os_x_serverMatch10.5.6

applemac_os_x_serverMatch10.5.7

applemac_os_x_serverMatch10.5.8

applemac_os_x_serverMatch10.6.0

applemac_os_x_serverMatch10.6.1

applemac_os_x_serverMatch10.6.2

applemac_os_x_serverMatch10.6.3

microsoftwindows_7

microsoftwindows_vista

microsoftwindows_xpsp2

microsoftwindows_xpsp3

Node

applesafariRange≤4.0.5

applesafariMatch4.0

applesafariMatch4.0.0b

applesafariMatch4.0.1

applesafariMatch4.0.2

applesafariMatch4.0.3

applesafariMatch4.0.4

applewebkit

AND

applemac_os_xMatch10.4

applemac_os_xMatch10.4.0

applemac_os_xMatch10.4.1

applemac_os_xMatch10.4.2

applemac_os_xMatch10.4.3

applemac_os_xMatch10.4.4

applemac_os_xMatch10.4.5

applemac_os_xMatch10.4.6

applemac_os_xMatch10.4.7

applemac_os_xMatch10.4.8

applemac_os_xMatch10.4.9

applemac_os_xMatch10.4.10

applemac_os_xMatch10.4.11

applemac_os_x_serverMatch10.4

applemac_os_x_serverMatch10.4.0

applemac_os_x_serverMatch10.4.1

applemac_os_x_serverMatch10.4.2

applemac_os_x_serverMatch10.4.3

applemac_os_x_serverMatch10.4.4

applemac_os_x_serverMatch10.4.5

applemac_os_x_serverMatch10.4.6

applemac_os_x_serverMatch10.4.7

applemac_os_x_serverMatch10.4.8

applemac_os_x_serverMatch10.4.9

applemac_os_x_serverMatch10.4.10

applemac_os_x_serverMatch10.4.11

CPENameOperatorVersion
apple:safariapple safarile4.0.5
apple:safariapple safarieq4.0
apple:safariapple safarieq4.0.0b
apple:safariapple safarieq4.0.1
apple:safariapple safarieq4.0.2
apple:safariapple safarieq4.0.3
apple:safariapple safarieq4.0.4
apple:webkitapple webkiteq*

CPE	Name	Operator	Version
apple:safari	apple safari	le	4.0.5
apple:safari	apple safari	eq	4.0
apple:safari	apple safari	eq	4.0.0b
apple:safari	apple safari	eq	4.0.1
apple:safari	apple safari	eq	4.0.2
apple:safari	apple safari	eq	4.0.3
apple:safari	apple safari	eq	4.0.4
apple:webkit	apple webkit	eq	*