CVE-2011-0160
Safari < 5.0.3 - Credential Disclosure via WebKit Redirect Handling
Title source: llmDescription
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.
References (5)
Core 5
Core References
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4564
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4566
Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1025182
Scores
EPSS
0.0155
EPSS Percentile
72.2%
Details
CWE
CWE-20
Status
published
Products (46)
apple/iphone_os
1.0.0
apple/iphone_os
1.0.1
apple/iphone_os
1.0.2
apple/iphone_os
1.1.0
apple/iphone_os
1.1.1
apple/iphone_os
1.1.2
apple/iphone_os
1.1.3
apple/iphone_os
1.1.4
apple/iphone_os
1.1.5
apple/iphone_os
2.0
... and 36 more
Published
Mar 11, 2011
Tracked Since
Feb 18, 2026