CVE-2010-1406
Apple Safari < 5.0 - Sensitive Information Exposure via Referer Header
Title source: llmDescription
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging, a related issue to CVE-2010-0660.
References (17)
Core 17
Core References
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2722
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43068
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1006-1
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/41856
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0212
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4225
Patch, Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/40105
Patch, Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1373
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/40620
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0552
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1024067
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4196
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7197
Scores
EPSS
0.0226
EPSS Percentile
80.9%
Details
CWE
CWE-200
Status
published
Products (8)
apple/safari
4.0
apple/safari
4.0.0b
apple/safari
4.0.1
apple/safari
4.0.2
apple/safari
4.0.3
apple/safari
4.0.4
apple/safari
< 4.0.5
apple/webkit
Published
Jun 11, 2010
Tracked Since
Feb 18, 2026