CVE-2012-0647

Name of the Vulnerable Software and Affected Versions Apple Safari versions prior to 5.1.4

Description The issue is related to how WebKit in Apple Safari handles redirects in conjunction with HTTP authentication. This might allow remote web servers to capture credentials by logging the Authorization HTTP header.

Recommendations For versions prior to 5.1.4, update to version 5.1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information when using HTTP authentication until the update is applied. Avoid using the Authorization header in sensitive transactions until the issue is resolved.