Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-1764

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, follows multiple redirections during form submission, which allows remote web servers to obtain sensitive information by recording the form data.

Published

2010-06-11T19:30:20.393

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apple	safari	≤ 4.0.5	Yes
Application	apple	safari	4.0	Yes
Application	apple	safari	4.0.0b	Yes
Application	apple	safari	4.0.1	Yes
Application	apple	safari	4.0.2	Yes
Application	apple	safari	4.0.3	Yes
Application	apple	safari	4.0.4	Yes
Application	apple	webkit	*	Yes
Operating System	apple	mac_os_x	10.5	No
Operating System	apple	mac_os_x	10.5.0	No
Operating System	apple	mac_os_x	10.5.1	No
Operating System	apple	mac_os_x	10.5.2	No
Operating System	apple	mac_os_x	10.5.3	No
Operating System	apple	mac_os_x	10.5.4	No
Operating System	apple	mac_os_x	10.5.5	No
Operating System	apple	mac_os_x	10.5.6	No
Operating System	apple	mac_os_x	10.5.7	No
Operating System	apple	mac_os_x	10.5.8	No
Operating System	apple	mac_os_x	10.6.0	No
Operating System	apple	mac_os_x	10.6.1	No
Operating System	apple	mac_os_x	10.6.2	No
Operating System	apple	mac_os_x	10.6.3	No
Operating System	apple	mac_os_x_server	10.5	No
Operating System	apple	mac_os_x_server	10.5.0	No
Operating System	apple	mac_os_x_server	10.5.1	No
Operating System	apple	mac_os_x_server	10.5.2	No
Operating System	apple	mac_os_x_server	10.5.3	No
Operating System	apple	mac_os_x_server	10.5.4	No
Operating System	apple	mac_os_x_server	10.5.5	No
Operating System	apple	mac_os_x_server	10.5.6	No
Operating System	apple	mac_os_x_server	10.5.7	No
Operating System	apple	mac_os_x_server	10.5.8	No
Operating System	apple	mac_os_x_server	10.6.0	No
Operating System	apple	mac_os_x_server	10.6.1	No
Operating System	apple	mac_os_x_server	10.6.2	No
Operating System	apple	mac_os_x_server	10.6.3	No
Operating System	microsoft	windows_7	*	No
Operating System	microsoft	windows_vista	*	No
Operating System	microsoft	windows_xp	*	No
Operating System	microsoft	windows_xp	*	No
Application	apple	safari	≤ 4.0.5	Yes
Application	apple	safari	4.0	Yes
Application	apple	safari	4.0.0b	Yes
Application	apple	safari	4.0.1	Yes
Application	apple	safari	4.0.2	Yes
Application	apple	safari	4.0.3	Yes
Application	apple	safari	4.0.4	Yes
Application	apple	webkit	*	Yes
Operating System	apple	mac_os_x	10.4	No
Operating System	apple	mac_os_x	10.4.0	No
Operating System	apple	mac_os_x	10.4.1	No
Operating System	apple	mac_os_x	10.4.2	No
Operating System	apple	mac_os_x	10.4.3	No
Operating System	apple	mac_os_x	10.4.4	No
Operating System	apple	mac_os_x	10.4.5	No
Operating System	apple	mac_os_x	10.4.6	No
Operating System	apple	mac_os_x	10.4.7	No
Operating System	apple	mac_os_x	10.4.8	No
Operating System	apple	mac_os_x	10.4.9	No
Operating System	apple	mac_os_x	10.4.10	No
Operating System	apple	mac_os_x	10.4.11	No
Operating System	apple	mac_os_x_server	10.4	No
Operating System	apple	mac_os_x_server	10.4.0	No
Operating System	apple	mac_os_x_server	10.4.1	No
Operating System	apple	mac_os_x_server	10.4.2	No
Operating System	apple	mac_os_x_server	10.4.3	No
Operating System	apple	mac_os_x_server	10.4.4	No
Operating System	apple	mac_os_x_server	10.4.5	No
Operating System	apple	mac_os_x_server	10.4.6	No
Operating System	apple	mac_os_x_server	10.4.7	No
Operating System	apple	mac_os_x_server	10.4.8	No
Operating System	apple	mac_os_x_server	10.4.9	No
Operating System	apple	mac_os_x_server	10.4.10	No
Operating System	apple	mac_os_x_server	10.4.11	No

References

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html ([email protected])
http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html ([email protected])
http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html Patch, Vendor Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html ([email protected])
http://secunia.com/advisories/40105 Vendor Advisory ([email protected])
http://secunia.com/advisories/41856 ([email protected])
http://secunia.com/advisories/42314 ([email protected])
http://secunia.com/advisories/43068 ([email protected])
http://securitytracker.com/id?1024067 ([email protected])
http://support.apple.com/kb/HT4196 Vendor Advisory ([email protected])
http://support.apple.com/kb/HT4334 ([email protected])
http://support.apple.com/kb/HT4456 ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 ([email protected])
http://www.securityfocus.com/bid/40620 Patch ([email protected])
http://www.ubuntu.com/usn/USN-1006-1 ([email protected])
http://www.vupen.com/english/advisories/2010/1373 Patch, Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2010/2722 ([email protected])
http://www.vupen.com/english/advisories/2011/0212 ([email protected])
http://www.vupen.com/english/advisories/2011/0552 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7347 ([email protected])
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2010//Sep/msg00002.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/40105 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/41856 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42314 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43068 (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1024067 (af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT4196 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT4334 (af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT4456 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/40620 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-1006-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/1373 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/2722 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0212 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0552 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7347 (af854a3a-2127-422b-91ae-364da2661108)