Detections
Analytics
CVE-2010-1406
high
Description
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging, a related issue to CVE-2010-0660.
References
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7197
http://www.vupen.com/english/advisories/2011/0552
http://www.vupen.com/english/advisories/2011/0212
http://www.vupen.com/english/advisories/2010/2722
http://www.vupen.com/english/advisories/2010/1373
http://www.ubuntu.com/usn/USN-1006-1
http://www.securityfocus.com/bid/40620
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
http://support.apple.com/kb/HT4225
http://support.apple.com/kb/HT4196
http://securitytracker.com/id?1024067
http://secunia.com/advisories/43068
http://secunia.com/advisories/41856
http://secunia.com/advisories/40105
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html