5

CVE-2009-1706

Exploit

The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie.

Data is provided by the National Vulnerability Database (NVD)
AppleSafari Update- Editionwindows Version <= 3.2.3
AppleSafari Version3.0 Update- Editionwindows
AppleSafari Version3.0.1 Update- Editionwindows
AppleSafari Version3.0.2 Update- Editionwindows
AppleSafari Version3.0.3 Update- Editionwindows
AppleSafari Version3.0.4 Update- Editionwindows
AppleSafari Version3.1 Update- Editionwindows
AppleSafari Version3.1.1 Update- Editionwindows
AppleSafari Version3.1.2 Update- Editionwindows
AppleSafari Version3.2 Update- Editionwindows
AppleSafari Version3.2.1 Update- Editionwindows
AppleSafari Version3.2.2 Update- Editionwindows
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.52% 0.656
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://support.apple.com/kb/HT3613
Patch
Vendor Advisory