PT-2012-2755 · Apple · Webkit+1
Published
2012-03-12
·
Updated
2018-01-06
·
CVE-2012-0647
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Apple Safari versions prior to 5.1.4
Description
The issue is related to how WebKit in Apple Safari handles redirects in conjunction with HTTP authentication. This might allow remote web servers to capture credentials by logging the
Authorization HTTP header.Recommendations
For versions prior to 5.1.4, update to version 5.1.4 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information when using HTTP authentication until the update is applied. Avoid using the
Authorization header in sensitive transactions until the issue is resolved.Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Safari
Webkit