Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Published: 2010-03-15
Updated: 2017-09-19
Summary
PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed. Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html 'PubSub CVE-ID: CVE-2010-0044 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP Impact: Visiting or updating a feed may result in a cookie being set, even if Safari is configured to block cookies Description: An implementation issue exists in the handling of cookies set by RSS and Atom feeds. Visiting or updating a feed may result in a cookie being set, even if Safari is configured to block cookies via the "Accept Cookies" preference. This update addresses the issue by respecting the preference while updating or viewing feeds.' Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html 'Safari 4.0.5 is available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/'
Vulnerable Configurations
Part | Description | Count |
Application | Apple | 86 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | Windows |
NASL id | SAFARI_4_0_5.NASL |
description | The version of Safari installed on the remote Windows host is earlier than 4.0.5. It thus is potentially affected by several issues : - A buffer underflow in ImageIO |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 45045 |
published | 2010-03-11 |
reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/45045 |
title | Safari < 4.0.5 Multiple Vulnerabilities |
NASL family | MacOS X Local Security Checks |
NASL id | MACOSX_SAFARI4_0_5.NASL |
description | The version of Apple Safari installed on the remote Mac OS X host is earlier than 4.0.5. As such, it is potentially affected by several issues : - An implementation issue in the handling of cookies set by RSS and Atom feeds could result in a cookie being set when visiting or updating a feed even if Safari is configured to block cookies via the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 45044 |
published | 2010-03-11 |
reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/45044 |
title | Mac OS X : Apple Safari < 4.0.5 |
Oval
accepted | 2013-11-11T04:02:37.002-05:00 |
class | vulnerability |
contributors | name | J. Daniel Brown | organization | DTCC |
name | Shane Shaffer | organization | G2, Inc. |
name | Maria Kedovskaya | organization | ALTX-SOFT |
name | Maria Kedovskaya | organization | ALTX-SOFT |
|
definition_extensions | comment | Apple Safari is installed | oval | oval:org.mitre.oval:def:6325 |
|
description | PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed. |
family | windows |
id | oval:org.mitre.oval:def:7051 |
status | accepted |
submitted | 2010-04-09T10:30:00.000-05:00 |
title | Apple Safari Prior to 4.0.5 Configuration Bypass Weakness |
version | 12 |