Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2011-0160 | First vendor Publication | 2011-03-11 |
Vendor | Cve | Last vendor Modification | 2011-03-31 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0160 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:24346 | |||
Oval ID: | oval:org.mitre.oval:def:24346 | ||
Title: | WebKit vulnerability in Apple Safari, which might allow remote web servers to capture credentials | ||
Description: | WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle redirects in conjunction with HTTP Basic Authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0160 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Apple Safari |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-12 | Name : Apple Safari Multiple Vulnerabilities - March 2011 (Mac OS X) File : nvt/gb_apple_safari_mult_vuln_mar11_macosx.nasl |
2011-03-22 | Name : Apple Safari Webkit Multiple Vulnerabilities - March 2011 File : nvt/gb_apple_safari_webkit_mult_vuln_mar11.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
75253 | Apple Safari / iOS WebKit HTTP Basic Authentication Authorization HTTP Header... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-03-10 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : macosx_Safari5_0_4.nasl - Type : ACT_GATHER_INFO |
2011-03-10 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_5_0_4.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-02-02 01:15:09 |
|
2024-02-01 12:04:14 |
|
2023-09-05 12:14:10 |
|
2023-09-05 01:04:06 |
|
2023-09-02 12:14:13 |
|
2023-09-02 01:04:09 |
|
2023-08-12 12:17:05 |
|
2023-08-12 01:04:09 |
|
2023-08-11 12:14:18 |
|
2023-08-11 01:04:17 |
|
2023-08-06 12:13:44 |
|
2023-08-06 01:04:11 |
|
2023-08-04 12:13:49 |
|
2023-08-04 01:04:11 |
|
2023-07-14 12:13:46 |
|
2023-07-14 01:04:09 |
|
2023-03-29 01:15:44 |
|
2023-03-28 12:04:15 |
|
2022-10-11 12:12:17 |
|
2022-10-11 01:03:56 |
|
2021-05-23 12:07:40 |
|
2021-05-04 12:13:49 |
|
2021-04-22 01:14:59 |
|
2021-04-10 12:07:13 |
|
2020-05-23 01:43:40 |
|
2020-05-23 00:27:34 |
|
2019-09-27 12:03:45 |
|
2018-11-15 12:03:26 |
|
2018-04-07 12:03:38 |
|
2018-04-06 01:01:32 |
|
2017-11-29 12:03:45 |
|
2017-11-23 12:03:46 |
|
2016-04-26 20:28:06 |
|
2014-02-17 10:59:35 |
|
2013-05-10 22:52:22 |
|