CVE-2010-1406

Apple Safari < 5.0 - Sensitive Information Exposure via Referer Header

Title source: llm
STIX 2.1

Description

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging, a related issue to CVE-2010-0660.

References (17)

Core 17
Core References
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2722
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43068
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1006-1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/41856
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0212
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4225
Patch, Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40105
Patch, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1373
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/40620
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0552
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1024067
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4196
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7197

Scores

EPSS 0.0226
EPSS Percentile 80.9%

Details

CWE
CWE-200
Status published
Products (8)
apple/safari 4.0
apple/safari 4.0.0b
apple/safari 4.0.1
apple/safari 4.0.2
apple/safari 4.0.3
apple/safari 4.0.4
apple/safari < 4.0.5
apple/webkit
Published Jun 11, 2010
Tracked Since Feb 18, 2026