CVE-2012-0647

critical

Description

WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.

References

http://www.securitytracker.com/id?1026785

http://secunia.com/advisories/48377

http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html

Details

Source: Mitre, NVD

Published: 2012-03-12

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical