Vulnerabilities > CVE-2010-0044 - Configuration vulnerability in Apple Safari
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Windows NASL id SAFARI_4_0_5.NASL description The version of Safari installed on the remote Windows host is earlier than 4.0.5. It thus is potentially affected by several issues : - A buffer underflow in ImageIO last seen 2020-06-01 modified 2020-06-02 plugin id 45045 published 2010-03-11 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45045 title Safari < 4.0.5 Multiple Vulnerabilities NASL family MacOS X Local Security Checks NASL id MACOSX_SAFARI4_0_5.NASL description The version of Apple Safari installed on the remote Mac OS X host is earlier than 4.0.5. As such, it is potentially affected by several issues : - An implementation issue in the handling of cookies set by RSS and Atom feeds could result in a cookie being set when visiting or updating a feed even if Safari is configured to block cookies via the last seen 2020-06-01 modified 2020-06-02 plugin id 45044 published 2010-03-11 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/45044 title Mac OS X : Apple Safari < 4.0.5
Oval
| accepted | 2013-11-11T04:02:37.002-05:00 | ||||||||||||||||
| class | vulnerability | ||||||||||||||||
| contributors |
| ||||||||||||||||
| definition_extensions |
| ||||||||||||||||
| description | PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed. | ||||||||||||||||
| family | windows | ||||||||||||||||
| id | oval:org.mitre.oval:def:7051 | ||||||||||||||||
| status | accepted | ||||||||||||||||
| submitted | 2010-04-09T10:30:00.000-05:00 | ||||||||||||||||
| title | Apple Safari Prior to 4.0.5 Configuration Bypass Weakness | ||||||||||||||||
| version | 12 |
References
- http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
- http://www.securityfocus.com/bid/38671
- http://support.apple.com/kb/HT4070
- http://www.securityfocus.com/bid/38675
- http://osvdb.org/62937
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56830
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7051