CVE-2012-0647
Safari < 5.1.4 - Unauthenticated Credential Exposure via Redirect and HTTP Authentication
Title source: llmDescription
WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.
References (3)
Core 3
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48377
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1026785
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html
Scores
EPSS
0.0113
EPSS Percentile
62.6%
Details
CWE
CWE-200
Status
published
Products (35)
apple/safari
apple/safari
1.0 (3 CPE variants)
apple/safari
1.0.0
apple/safari
1.0.0b1
apple/safari
1.0.0b2
apple/safari
1.0.1
apple/safari
1.0.2
apple/safari
1.0.3 (3 CPE variants)
apple/safari
1.0b1
apple/safari
1.1
... and 25 more
Published
Mar 12, 2012
Tracked Since
Feb 18, 2026