WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.
No CVSS v3.1
No CVSS v3.0
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None
AV:N/AC:L/Au:N/C:P/I:N/A:N
Vendors | Products |
---|---|
Apple |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
References
Link | Resource |
---|---|
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html | Vendor Advisory |
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html | Vendor Advisory |
http://support.apple.com/kb/HT4564 | Vendor Advisory |
http://support.apple.com/kb/HT4566 | Vendor Advisory |
http://www.securitytracker.com/id?1025182 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apple
Published: 2011-03-11T22:00:00
Updated: 2011-03-31T09:00:00
Reserved: 2010-12-23T00:00:00
Link: CVE-2011-0160
JSON object: View
NVD Information
Status : Modified
Published: 2011-03-11T22:55:02.840
Modified: 2011-03-31T03:29:14.220
Link: CVE-2011-0160
JSON object: View
Redhat Information
No data.
CWE