CVE-2010-1760

2010-08-1922:00:01

CWE-255

[email protected]

web.nvd.nist.gov

cve-2010-1760

webcore

webkit

xmlhttprequest

security vulnerability

credentials

remote attack vectors

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.4 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.5%

JSON

loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150.

Affected configurations

NVD

Node

applewebkitRange≤r58408

applewebkitMatchr50173

applewebkitMatchr56187

applewebkitMatchr56188

applewebkitMatchr56379

CPENameOperatorVersion
apple:webkitapple webkitler58408
apple:webkitapple webkiteqr50173
apple:webkitapple webkiteqr56187
apple:webkitapple webkiteqr56188
apple:webkitapple webkiteqr56379

CPE	Name	Operator	Version
apple:webkit	apple webkit	le	r58408
apple:webkit	apple webkit	eq	r50173
apple:webkit	apple webkit	eq	r56187
apple:webkit	apple webkit	eq	r56188
apple:webkit	apple webkit	eq	r56379