CVE-2010-1406

Published: Jun 11, 2010Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging, a related issue to CVE-2010-0660.

Affected (8)

Products: Apple: Safari, Webkit

2 products

Configuration A

32 platform

Running on/with	Platform Versions
Apple Mac Os X	Version 10.5.0
Apple Mac Os X	Version 10.5.1
Apple Mac Os X	Version 10.5.2
Apple Mac Os X	Version 10.5.3
Apple Mac Os X	Version 10.5.4
Apple Mac Os X	Version 10.5.5
Apple Mac Os X	Version 10.5.6
Apple Mac Os X	Version 10.5.7
Apple Mac Os X	Version 10.5.8
Apple Mac Os X	Version 10.5
Apple Mac Os X	Version 10.6.0
Apple Mac Os X	Version 10.6.1
Apple Mac Os X	Version 10.6.2
Apple Mac Os X	Version 10.6.3
Apple Mac Os X Server	Version 10.5.0
Apple Mac Os X Server	Version 10.5.1
Apple Mac Os X Server	Version 10.5.2
Apple Mac Os X Server	Version 10.5.3
Apple Mac Os X Server	Version 10.5.4
Apple Mac Os X Server	Version 10.5.5
Apple Mac Os X Server	Version 10.5.6
Apple Mac Os X Server	Version 10.5.7
Apple Mac Os X Server	Version 10.5.8
Apple Mac Os X Server	Version 10.5
Apple Mac Os X Server	Version 10.6.0
Apple Mac Os X Server	Version 10.6.1
Apple Mac Os X Server	Version 10.6.2
Apple Mac Os X Server	Version 10.6.3
Microsoft Windows 7	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions

Configuration B

8 vulnerable · 26 platform

Vulnerable Software	Affected Versions
Apple Safari	Up to 4.0.5
Apple Safari	Version 4.0.0b
Apple Safari	Version 4.0.1
Apple Safari	Version 4.0.2
Apple Safari	Version 4.0.3
Apple Safari	Version 4.0.4
Apple Safari	Version 4.0
Apple Webkit	All versions

Running on/with	Platform Versions
Apple Mac Os X	Version 10.4.0
Apple Mac Os X	Version 10.4.10
Apple Mac Os X	Version 10.4.11
Apple Mac Os X	Version 10.4.1
Apple Mac Os X	Version 10.4.2
Apple Mac Os X	Version 10.4.3
Apple Mac Os X	Version 10.4.4
Apple Mac Os X	Version 10.4.5
Apple Mac Os X	Version 10.4.6
Apple Mac Os X	Version 10.4.7
Apple Mac Os X	Version 10.4.8
Apple Mac Os X	Version 10.4.9
Apple Mac Os X	Version 10.4
Apple Mac Os X Server	Version 10.4.0
Apple Mac Os X Server	Version 10.4.10
Apple Mac Os X Server	Version 10.4.11
Apple Mac Os X Server	Version 10.4.1
Apple Mac Os X Server	Version 10.4.2
Apple Mac Os X Server	Version 10.4.3
Apple Mac Os X Server	Version 10.4.4
Apple Mac Os X Server	Version 10.4.5
Apple Mac Os X Server	Version 10.4.6
Apple Mac Os X Server	Version 10.4.7
Apple Mac Os X Server	Version 10.4.8
Apple Mac Os X Server	Version 10.4.9
Apple Mac Os X Server	Version 10.4

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (34)

http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html

Source: product-security@apple.com

PatchVendor Advisory

http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html

Source: product-security@apple.com

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Source: product-security@apple.com

http://secunia.com/advisories/40105

Source: product-security@apple.com

Vendor Advisory

http://secunia.com/advisories/41856

Source: product-security@apple.com

http://secunia.com/advisories/43068

Source: product-security@apple.com

http://securitytracker.com/id?1024067

Source: product-security@apple.com

http://support.apple.com/kb/HT4196

Source: product-security@apple.com

Vendor Advisory

http://support.apple.com/kb/HT4225

Source: product-security@apple.com

http://www.mandriva.com/security/advisories?name=MDVSA-2011:039

Source: product-security@apple.com

http://www.securityfocus.com/bid/40620

Source: product-security@apple.com

Patch

http://www.ubuntu.com/usn/USN-1006-1

Source: product-security@apple.com

http://www.vupen.com/english/advisories/2010/1373

Source: product-security@apple.com

PatchVendor Advisory

http://www.vupen.com/english/advisories/2010/2722

Source: product-security@apple.com

http://www.vupen.com/english/advisories/2011/0212

Source: product-security@apple.com

http://www.vupen.com/english/advisories/2011/0552

Source: product-security@apple.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7197

Source: product-security@apple.com

http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/40105

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/41856

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/43068

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1024067

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT4196

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://support.apple.com/kb/HT4225

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2011:039

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/40620

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.ubuntu.com/usn/USN-1006-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/1373

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.vupen.com/english/advisories/2010/2722

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0212

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0552

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7197

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.