CVE-2011-0160

Published: Mar 11, 2011Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.

Affected (95)

Products: Apple: Safari, Iphone Os, Webkit

3 products

Configuration A

64 vulnerable

Vulnerable Software	Affected Versions
Apple Safari	Up to 5.0.3
Apple Safari	Version 1.0.0
Apple Safari	Version 1.0.0b1
Apple Safari	Version 1.0.0b2
Apple Safari	Version 1.0.1
Apple Safari	Version 1.0.2
Apple Safari	Version 1.0.3
Apple Safari	Version 1.0.3 85.8.1
Apple Safari	Version 1.0.3 85.8
Apple Safari	Version 1.0
Apple Safari	Version 1.0 beta2
Apple Safari	Version 1.0 beta
Apple Safari	Version 1.1.0
Apple Safari	Version 1.1.1
Apple Safari	Version 1.1
Apple Safari	Version 1.2.0
Apple Safari	Version 1.2.1
Apple Safari	Version 1.2.2
Apple Safari	Version 1.2.3
Apple Safari	Version 1.2.4
Apple Safari	Version 1.2.5
Apple Safari	Version 1.2
Apple Safari	Version 1.3.0
Apple Safari	Version 1.3.1
Apple Safari	Version 1.3.2
Apple Safari	Version 1.3.2 312.5
Apple Safari	Version 1.3.2 312.6
Apple Safari	Version 1.3
Apple Safari	Version 2.0.0
Apple Safari	Version 2.0.1
Apple Safari	Version 2.0.2
Apple Safari	Version 2.0.3
Apple Safari	Version 2.0.3 417.8
Apple Safari	Version 2.0.3 417.9.2
Apple Safari	Version 2.0.3 417.9.3
Apple Safari	Version 2.0.3 417.9
Apple Safari	Version 2.0.4
Apple Safari	Version 2.0
Apple Safari	Version 2
Apple Safari	Version 3.0.0
Apple Safari	Version 3.0.0b
Apple Safari	Version 3.0.1
Apple Safari	Version 3.0.1b
Apple Safari	Version 3.0.2
Apple Safari	Version 3.0.2b
Apple Safari	Version 3.0.3
Apple Safari	Version 3.0.3b
Apple Safari	Version 3.0.4
Apple Safari	Version 3.0.4b
Apple Safari	Version 3.0
Apple Safari	Version 3.1.0
Apple Safari	Version 3.1.0b
Apple Safari	Version 3.1.1
Apple Safari	Version 3.1.2
Apple Safari	Version 3.2.0
Apple Safari	Version 3.2.1
Apple Safari	Version 3.2.2
Apple Safari	Version 3
Apple Safari	Version 4.1.1
Apple Safari	Version 4.1.2
Apple Safari	Version 4.1
Apple Safari	Version 5.0.1
Apple Safari	Version 5.0.2
Apple Safari	Version 5.0

Configuration B

31 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Up to 4.2
Apple Iphone Os	Version 1.0.0
Apple Iphone Os	Version 1.0.1
Apple Iphone Os	Version 1.0.2
Apple Iphone Os	Version 1.1.0
Apple Iphone Os	Version 1.1.1
Apple Iphone Os	Version 1.1.2
Apple Iphone Os	Version 1.1.3
Apple Iphone Os	Version 1.1.4
Apple Iphone Os	Version 1.1.5
Apple Iphone Os	Version 2.0.0
Apple Iphone Os	Version 2.0.1
Apple Iphone Os	Version 2.0.2
Apple Iphone Os	Version 2.0
Apple Iphone Os	Version 2.1.1
Apple Iphone Os	Version 2.1
Apple Iphone Os	Version 2.2.1
Apple Iphone Os	Version 2.2
Apple Iphone Os	Version 3.0.1
Apple Iphone Os	Version 3.0
Apple Iphone Os	Version 3.1.2
Apple Iphone Os	Version 3.1.3
Apple Iphone Os	Version 3.1
Apple Iphone Os	Version 3.2.1
Apple Iphone Os	Version 3.2.2
Apple Iphone Os	Version 3.2
Apple Iphone Os	Version 4.0.1
Apple Iphone Os	Version 4.0.2
Apple Iphone Os	Version 4.0
Apple Iphone Os	Version 4.1
Apple Webkit	All versions