CVE-2011-0160

Safari < 5.0.3 - Credential Disclosure via WebKit Redirect Handling

Title source: llm
STIX 2.1

Description

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.

References (5)

Core 5
Core References
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4564
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4566
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1025182

Scores

EPSS 0.0155
EPSS Percentile 72.2%

Details

CWE
CWE-20
Status published
Products (46)
apple/iphone_os 1.0.0
apple/iphone_os 1.0.1
apple/iphone_os 1.0.2
apple/iphone_os 1.1.0
apple/iphone_os 1.1.1
apple/iphone_os 1.1.2
apple/iphone_os 1.1.3
apple/iphone_os 1.1.4
apple/iphone_os 1.1.5
apple/iphone_os 2.0
... and 36 more
Published Mar 11, 2011
Tracked Since Feb 18, 2026