CVE-2010-0044 - OpenCVE

PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Safari

Configuration 1 [-]

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:a:apple:safari:4.0:::::::*
	cpe:2.3:a:apple:safari:4.0.0b:::::::*
	cpe:2.3:a:apple:safari:4.0.1:::::::*
	cpe:2.3:a:apple:safari:4.0.2:::::::*
	cpe:2.3:a:apple:safari:4.0.3:::::::*

No data.

References

Link	Providers
http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
http://osvdb.org/62937
http://support.apple.com/kb/HT4070
http://www.securityfocus.com/bid/38671
http://www.securityfocus.com/bid/38675
https://exchange.xforce.ibmcloud.com/vulnerabilities/56830
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7051

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2010-03-12T20:00:00

Updated: 2024-08-07T00:37:53.843Z

Reserved: 2009-12-15T00:00:00

Link: CVE-2010-0044

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-03-15T13:28:25.467

Modified: 2017-09-19T01:30:11.517

Link: CVE-2010-0044

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-03-11T00:00:00", "descriptions": [{"lang": "en", "value": "PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"name": "APPLE-SA-2010-03-11-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"}, {"name": "38675", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/38675"}, {"name": "safari-pubsub-security-bypass(56830)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56830"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT4070"}, {"name": "62937", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/62937"}, {"name": "oval:org.mitre.oval:def:7051", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7051"}, {"name": "38671", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/38671"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2010-0044", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "APPLE-SA-2010-03-11-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"}, {"name": "38675", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38675"}, {"name": "safari-pubsub-security-bypass(56830)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56830"}, {"name": "http://support.apple.com/kb/HT4070", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4070"}, {"name": "62937", "refsource": "OSVDB", "url": "http://osvdb.org/62937"}, {"name": "oval:org.mitre.oval:def:7051", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7051"}, {"name": "38671", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38671"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:37:53.843Z"}, "title": "CVE Program Container", "references": [{"name": "APPLE-SA-2010-03-11-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"}, {"name": "38675", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/38675"}, {"name": "safari-pubsub-security-bypass(56830)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56830"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT4070"}, {"name": "62937", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/62937"}, {"name": "oval:org.mitre.oval:def:7051", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7051"}, {"name": "38671", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/38671"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2010-0044", "datePublished": "2010-03-12T20:00:00", "dateReserved": "2009-12-15T00:00:00", "dateUpdated": "2024-08-07T00:37:53.843Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1816CD6-0159-4684-A54D-94866D3FE570", "versionEndIncluding": "4.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BDA6DB4-A0DA-43CA-AABD-10EEEEB28EAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*", "matchCriteriaId": "02EAC196-AE43-4787-9AF9-E79E2E1BBA46", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B2FD40E4-D4C9-492E-8432-ABC9BD2C7E67", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "36EA71E0-63F7-46FF-AF11-792741F27628", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "80E36485-565D-4FAA-A6AD-57DF42D47462", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed."}, {"lang": "es", "value": "PubSub en Apple Safari anterior a v 4.0.5 no implementa adecuadamente las preferencias de uso para aceptar y rechazar cookies, lo que facilita a servidores web remotos seguir las preferencias de usuario (tracking) estableciendo una cookie en un (1) RSS o (2) Atom feed."}], "evaluatorComment": "Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html\r\n\r\n'PubSub\r\nCVE-ID: CVE-2010-0044\r\nAvailable for: Mac OS X v10.4.11, Mac OS X Server v10.4.11,\r\nMac OS X v10.5.8, Mac OS X Server v10.5.8,\r\nMac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later,\r\nWindows 7, Vista, XP\r\nImpact: Visiting or updating a feed may result in a cookie being\r\nset, even if Safari is configured to block cookies\r\nDescription: An implementation issue exists in the handling of\r\ncookies set by RSS and Atom feeds. Visiting or updating a feed may\r\nresult in a cookie being set, even if Safari is configured to block\r\ncookies via the \"Accept Cookies\" preference. This update addresses\r\nthe issue by respecting the preference while updating or viewing\r\nfeeds.'", "evaluatorSolution": "Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html\r\n\r\n'Safari 4.0.5 is available via the Apple Software Update application,\r\nor Apple's Safari download site at:\r\nhttp://www.apple.com/safari/download/'", "id": "CVE-2010-0044", "lastModified": "2017-09-19T01:30:11.517", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-03-15T13:28:25.467", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html"}, {"source": "product-security@apple.com", "url": "http://osvdb.org/62937"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://support.apple.com/kb/HT4070"}, {"source": "product-security@apple.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/38671"}, {"source": "product-security@apple.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/38675"}, {"source": "product-security@apple.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56830"}, {"source": "product-security@apple.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7051"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-16"}], "source": "nvd@nist.gov", "type": "Primary"}]}