5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
75.7%
The WebKit component in Safari in Apple iPhone OS before 3.1, and iPhone OS
before 3.1.1 for iPod touch, does not remove usernames and passwords from
URLs sent in Referer headers, which allows remote attackers to obtain
sensitive information by reading Referer logs on a web server.