CVE-2009-1706 - OpenCVE

The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Safari

Configuration 1 [-]

OR	cpe:2.3:a:apple:safari::-:windows:::::
	cpe:2.3:a:apple:safari:3.0:-:windows:::::*
	cpe:2.3:a:apple:safari:3.0.1:-:windows:::::*
	cpe:2.3:a:apple:safari:3.0.2:-:windows:::::*
	cpe:2.3:a:apple:safari:3.0.3:-:windows:::::*
	cpe:2.3:a:apple:safari:3.0.4:-:windows:::::*
	cpe:2.3:a:apple:safari:3.1:-:windows:::::*
	cpe:2.3:a:apple:safari:3.1.1:-:windows:::::*
	cpe:2.3:a:apple:safari:3.1.2:-:windows:::::*
	cpe:2.3:a:apple:safari:3.2:-:windows:::::*
	cpe:2.3:a:apple:safari:3.2.1:-:windows:::::*
	cpe:2.3:a:apple:safari:3.2.2:-:windows:::::*

References

Link	Resource
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html	Patch Vendor Advisory
http://osvdb.org/54997
http://secunia.com/advisories/35379	Vendor Advisory
http://support.apple.com/kb/HT3613	Patch Vendor Advisory
http://www.securityfocus.com/bid/35260	Exploit Patch
http://www.securityfocus.com/bid/35346
http://www.vupen.com/english/advisories/2009/1522	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-06-10T17:37:00

Updated: 2009-06-19T09:00:00

Reserved: 2009-05-20T00:00:00

Link: CVE-2009-1706

JSON object: View

NVD Information

Status : Modified

Published: 2009-06-10T18:00:00.670

Modified: 2009-06-19T05:32:05.860

Link: CVE-2009-1706

JSON object: View

Redhat Information

No data.

CWE

CWE-200

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-06-08T00:00:00", "descriptions": [{"lang": "en", "value": "The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-06-19T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "APPLE-SA-2009-06-08-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"}, {"name": "35260", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35260"}, {"name": "ADV-2009-1522", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1522"}, {"name": "54997", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/54997"}, {"name": "35379", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35379"}, {"name": "35346", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35346"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT3613"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1706", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "APPLE-SA-2009-06-08-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"}, {"name": "35260", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35260"}, {"name": "ADV-2009-1522", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1522"}, {"name": "54997", "refsource": "OSVDB", "url": "http://osvdb.org/54997"}, {"name": "35379", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35379"}, {"name": "35346", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35346"}, {"name": "http://support.apple.com/kb/HT3613", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3613"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1706", "datePublished": "2009-06-10T17:37:00", "dateReserved": "2009-05-20T00:00:00", "dateUpdated": "2009-06-19T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:-:windows:*:*:*:*:*", "matchCriteriaId": "7E203D81-FABE-4A63-8930-1DA15A86E113", "versionEndIncluding": "3.2.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.0:-:windows:*:*:*:*:*", "matchCriteriaId": "49875E29-AA30-4D96-9ED9-538823DD5E1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.0.1:-:windows:*:*:*:*:*", "matchCriteriaId": "D6C733F3-F5D4-4CF1-866D-61FF9D81D1B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.0.2:-:windows:*:*:*:*:*", "matchCriteriaId": "C5471735-D9C0-491B-9A6A-07B39AA215CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.0.3:-:windows:*:*:*:*:*", "matchCriteriaId": "1E5C52F3-2109-40FD-9945-A9A9D42C076E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.0.4:-:windows:*:*:*:*:*", "matchCriteriaId": "151DEB6D-5857-4B0B-8449-5735768024A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.1:-:windows:*:*:*:*:*", "matchCriteriaId": "AC7E7F65-8F3B-42F8-8B2D-9EA1CC4A4300", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.1.1:-:windows:*:*:*:*:*", "matchCriteriaId": "476EBE1F-66E1-4EF5-8344-BEDA97F306A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.1.2:-:windows:*:*:*:*:*", "matchCriteriaId": "480ED2AC-0DA4-44DA-A902-8534335077B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.2:-:windows:*:*:*:*:*", "matchCriteriaId": "77F31F4B-5305-4D75-9277-95EF99A969A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.2.1:-:windows:*:*:*:*:*", "matchCriteriaId": "C9AD216D-0C95-4843-A1A1-C3C9A6219277", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.2.2:-:windows:*:*:*:*:*", "matchCriteriaId": "04B8652D-BE06-49CB-A636-8B53B2DF9168", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie."}, {"lang": "es", "value": "La caracter\u00edstica de Navegaci\u00f3n Privada de Apple Safari anterior a v4.0 en Windows no elimina las cookies del almacenamiento de cookies alternativo en circunstancias no especificadas en relaci\u00f3n con (1) la desactivaci\u00f3n de la caracter\u00edstica o (2) la salida de la aplicaci\u00f3n, esto hace que sea m\u00e1s sencillo a los servidores Web remotos seguir a los usuarios mediante una cookie."}], "id": "CVE-2009-1706", "lastModified": "2009-06-19T05:32:05.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-06-10T18:00:00.670", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/54997"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35379"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://support.apple.com/kb/HT3613"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/35260"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35346"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1522"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}