Vulnerability Name: CVE-2011-0159 (CCN-66003)
Assigned: 2010-12-23
Published: 2011-03-09
Updated: 2011-03-31
Summary: The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by setting a cookie.
CVSS v3 Severity:
    5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity:
    5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
    3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
    3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-20
Vulnerability Consequences: Bypass Security
References:
    Source: MITRE Type: CNA CVE-2011-0159
    Source: APPLE Type: Vendor Advisory APPLE-SA-2011-03-09-1
    Source: CCN Type: SA43698 Apple iOS Multiple Vulnerabilities
    Source: CCN Type: Apple Web site About the security content of iOS 4.3
    Source: CONFIRM Type: Vendor Advisory http://support.apple.com/kb/HT4564
    Source: CCN Type: OSVDB ID: 75012 Apple iOS Safari Settings Cookie Clearing Weakness User Information Disclosure
    Source: CCN Type: BID-46577 WebKit 'HistoryController' Denial of Service Vulnerability
    Source: BID Type: UNKNOWN 46810
    Source: CCN Type: BID-46810 Apple iOS Mobile Safari Cookie Clearing Security Bypass Vulnerability
    Source: SECTRACK Type: UNKNOWN 1025182
    Source: XF Type: UNKNOWN appleios-mobilesafari-sec-bypass(66003)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable