CVE-2009-1706

The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html	Patch Vendor Advisory
http://osvdb.org/54997
http://secunia.com/advisories/35379	Vendor Advisory
http://support.apple.com/kb/HT3613	Patch Vendor Advisory
http://www.securityfocus.com/bid/35260	Exploit Patch
http://www.securityfocus.com/bid/35346
http://www.vupen.com/english/advisories/2009/1522	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apple:safari::-:windows:::::
	cpe:2.3:a:apple:safari:3.0:-:windows:::::*
	cpe:2.3:a:apple:safari:3.0.1:-:windows:::::*
	cpe:2.3:a:apple:safari:3.0.2:-:windows:::::*
	cpe:2.3:a:apple:safari:3.0.3:-:windows:::::*
	cpe:2.3:a:apple:safari:3.0.4:-:windows:::::*
	cpe:2.3:a:apple:safari:3.1:-:windows:::::*
	cpe:2.3:a:apple:safari:3.1.1:-:windows:::::*
	cpe:2.3:a:apple:safari:3.1.2:-:windows:::::*
	cpe:2.3:a:apple:safari:3.2:-:windows:::::*
	cpe:2.3:a:apple:safari:3.2.1:-:windows:::::*
	cpe:2.3:a:apple:safari:3.2.2:-:windows:::::*

History

No history.

Information

Published : 2009-06-10 18:00

Updated : 2024-02-04 17:33

NVD link : CVE-2009-1706

Mitre link : CVE-2009-1706

CVE.ORG link : CVE-2009-1706

JSON object : View

Products Affected

apple

safari

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2009-1706", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-06-10T18:00:00.670", "references": [{"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/54997", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/35379", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://support.apple.com/kb/HT3613", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/35260", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/35346", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/1522", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie."}, {"lang": "es", "value": "La caracter\u00edstica de Navegaci\u00f3n Privada de Apple Safari anterior a v4.0 en Windows no elimina las cookies del almacenamiento de cookies alternativo en circunstancias no especificadas en relaci\u00f3n con (1) la desactivaci\u00f3n de la caracter\u00edstica o (2) la salida de la aplicaci\u00f3n, esto hace que sea m\u00e1s sencillo a los servidores Web remotos seguir a los usuarios mediante una cookie."}], "lastModified": "2009-06-19T05:32:05.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:-:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E203D81-FABE-4A63-8930-1DA15A86E113", "versionEndIncluding": "3.2.3"}, {"criteria": "cpe:2.3:a:apple:safari:3.0:-:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49875E29-AA30-4D96-9ED9-538823DD5E1C"}, {"criteria": "cpe:2.3:a:apple:safari:3.0.1:-:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6C733F3-F5D4-4CF1-866D-61FF9D81D1B3"}, {"criteria": "cpe:2.3:a:apple:safari:3.0.2:-:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5471735-D9C0-491B-9A6A-07B39AA215CF"}, {"criteria": "cpe:2.3:a:apple:safari:3.0.3:-:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E5C52F3-2109-40FD-9945-A9A9D42C076E"}, {"criteria": "cpe:2.3:a:apple:safari:3.0.4:-:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "151DEB6D-5857-4B0B-8449-5735768024A5"}, {"criteria": "cpe:2.3:a:apple:safari:3.1:-:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC7E7F65-8F3B-42F8-8B2D-9EA1CC4A4300"}, {"criteria": "cpe:2.3:a:apple:safari:3.1.1:-:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "476EBE1F-66E1-4EF5-8344-BEDA97F306A4"}, {"criteria": "cpe:2.3:a:apple:safari:3.1.2:-:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "480ED2AC-0DA4-44DA-A902-8534335077B9"}, {"criteria": "cpe:2.3:a:apple:safari:3.2:-:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "77F31F4B-5305-4D75-9277-95EF99A969A9"}, {"criteria": "cpe:2.3:a:apple:safari:3.2.1:-:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9AD216D-0C95-4843-A1A1-C3C9A6219277"}, {"criteria": "cpe:2.3:a:apple:safari:3.2.2:-:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04B8652D-BE06-49CB-A636-8B53B2DF9168"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}