{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-03-11T00:00:00", "descriptions": [{"lang": "en", "value": "PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"name": "APPLE-SA-2010-03-11-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"}, {"name": "38675", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/38675"}, {"name": "safari-pubsub-security-bypass(56830)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56830"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT4070"}, {"name": "62937", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/62937"}, {"name": "oval:org.mitre.oval:def:7051", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7051"}, {"name": "38671", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/38671"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2010-0044", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "APPLE-SA-2010-03-11-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"}, {"name": "38675", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38675"}, {"name": "safari-pubsub-security-bypass(56830)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56830"}, {"name": "http://support.apple.com/kb/HT4070", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4070"}, {"name": "62937", "refsource": "OSVDB", "url": "http://osvdb.org/62937"}, {"name": "oval:org.mitre.oval:def:7051", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7051"}, {"name": "38671", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38671"}]}}}}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2010-0044", "datePublished": "2010-03-12T20:00:00", "dateReserved": "2009-12-15T00:00:00", "dateUpdated": "2017-09-18T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1816CD6-0159-4684-A54D-94866D3FE570", "versionEndIncluding": "4.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BDA6DB4-A0DA-43CA-AABD-10EEEEB28EAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*", "matchCriteriaId": "02EAC196-AE43-4787-9AF9-E79E2E1BBA46", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B2FD40E4-D4C9-492E-8432-ABC9BD2C7E67", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "36EA71E0-63F7-46FF-AF11-792741F27628", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "80E36485-565D-4FAA-A6AD-57DF42D47462", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed."}, {"lang": "es", "value": "PubSub en Apple Safari anterior a v 4.0.5 no implementa adecuadamente las preferencias de uso para aceptar y rechazar cookies, lo que facilita a servidores web remotos seguir las preferencias de usuario (tracking) estableciendo una cookie en un (1) RSS o (2) Atom feed."}], "evaluatorComment": "Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html\r\n\r\n'PubSub\r\nCVE-ID: CVE-2010-0044\r\nAvailable for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,\r\nMac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later,\r\nWindows 7, Vista, XP\r\nImpact: Visiting or updating a feed may result in a cookie being\r\nset, even if Safari is configured to block cookies\r\nDescription: An implementation issue exists in the handling of\r\ncookies set by RSS and Atom feeds. Visiting or updating a feed may\r\nresult in a cookie being set, even if Safari is configured to block\r\ncookies via the \"Accept Cookies\" preference. This update addresses\r\nthe issue by respecting the preference while updating or viewing\r\nfeeds.'", "evaluatorSolution": "Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html\r\n\r\n'Safari 4.0.5 is available via the Apple Software Update application,\r\nor Apple's Safari download site at:\r\nhttp://www.apple.com/safari/download/'", "id": "CVE-2010-0044", "lastModified": "2017-09-19T01:30:11.517", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-03-15T13:28:25.467", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"}, {"source": "product-security@apple.com", "url": "http://osvdb.org/62937"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://support.apple.com/kb/HT4070"}, {"source": "product-security@apple.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/38671"}, {"source": "product-security@apple.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/38675"}, {"source": "product-security@apple.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56830"}, {"source": "product-security@apple.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7051"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-16"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}