CVE-2011-0159

The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by setting a cookie.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html	Vendor Advisory
http://support.apple.com/kb/HT4564	Vendor Advisory
http://www.securityfocus.com/bid/46810
http://www.securitytracker.com/id?1025182

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:iphone_os:4.0:::::::*
	cpe:2.3:o:apple:iphone_os:4.1:::::::*
	cpe:2.3:o:apple:iphone_os:4.2:::::::*

History

No history.

Information

Published : 2011-03-11 22:55

Updated : 2024-02-04 17:54

NVD link : CVE-2011-0159

Mitre link : CVE-2011-0159

CVE.ORG link : CVE-2011-0159

JSON object : View

Products Affected

apple

iphone_os

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2011-0159", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-03-11T22:55:02.747", "references": [{"url": "http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://support.apple.com/kb/HT4564", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://www.securityfocus.com/bid/46810", "source": "product-security@apple.com"}, {"url": "http://www.securitytracker.com/id?1025182", "source": "product-security@apple.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by setting a cookie."}, {"lang": "es", "value": "La caracter\u00edstica de Configuraci\u00f3n de Safari en Safari en Apple iOS v4.x antes de v4.3 no aplica adecuadamente la limpieza de cookies durante la ejecuci\u00f3n de la aplicaci\u00f3n Safari, lo que podr\u00eda facilitar a los servidores Web remotos rastrear a los usuarios mediante el establecimiento de una \"cookie\"."}], "lastModified": "2011-03-31T03:29:13.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12E22AF0-2B66-425A-A1EE-4F0E3B0433E7"}, {"criteria": "cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36C86BB9-0328-4E34-BC2B-47B3471EC262"}, {"criteria": "cpe:2.3:o:apple:iphone_os:4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1878949F-8E15-4751-8D8A-BFB2B9B9254A"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}