cvelistv5 - cve-2012-0647

CVE-2012-0647 (GCVE-0-2012-0647)

Vulnerability from cvelistv5

Published

2012-03-12 21:00

Modified

2024-08-06 18:30

Severity ?

CWE

Summary

WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.

References

URL

Tags

	http://secunia.com/advisories/48377	third-party-advisory, x_refsource_SECUNIA
	http://www.securitytracker.com/id?1026785	vdb-entry, x_refsource_SECTRACK
	http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html	vendor-advisory, x_refsource_APPLE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:30:53.805Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "48377",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48377"
          },
          {
            "name": "1026785",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026785"
          },
          {
            "name": "APPLE-SA-2012-03-12-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-03-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-05T18:57:01.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "name": "48377",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48377"
        },
        {
          "name": "1026785",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026785"
        },
        {
          "name": "APPLE-SA-2012-03-12-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2012-0647",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "WebKit in Apple Safari before 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "48377",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48377"
            },
            {
              "name": "1026785",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026785"
            },
            {
              "name": "APPLE-SA-2012-03-12-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2012-0647",
    "datePublished": "2012-03-12T21:00:00.000Z",
    "dateReserved": "2012-01-12T00:00:00.000Z",
    "dateUpdated": "2024-08-06T18:30:53.805Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2012-AVI-141

Vulnerability from certfr_avis

De très nombreuses vulnérabilités ont été corrigées dans Safari, pour de nombreux impacts dont l'exécution de code arbitraire à distance.

Description

De très nombreuses vulnérabilités ont été corrigées dans le navigateur Safari :

de multiples problèmes de corruption mémoire permettent à un attaquant d'exécuter du code arbitraire sur le client à l'aide de pages Web spécialement conçues ;
l'affichage des caractères dans la barre d'adresse permet de tromper un utilisateur sur l'identité du site qu'il visite ;
certaines informations sur l'historique des pages visitées sont enregistrées même quand l'option 'Navigation privée' est activée ;
plusieurs vulnérabilités permettent une injection de code indirecte à distance;
des cookies peuvent être révélés à un site illégitime.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Safari pour Mac OS et Windows versions antérieures à 5.1.4.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT5190 du 12 mars 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eSafari pour Mac OS et Windows versions  ant\u00e9rieures \u00e0 5.1.4.\u003c/p\u003e",
  "content": "## Description\n\nDe tr\u00e8s nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans le navigateur\nSafari :\n\n-   de multiples probl\u00e8mes de corruption m\u00e9moire permettent \u00e0 un\n    attaquant d\u0027ex\u00e9cuter du code arbitraire sur le client \u00e0 l\u0027aide de\n    pages Web sp\u00e9cialement con\u00e7ues ;\n-   l\u0027affichage des caract\u00e8res dans la barre d\u0027adresse permet de tromper\n    un utilisateur sur l\u0027identit\u00e9 du site qu\u0027il visite ;\n-   certaines informations sur l\u0027historique des pages visit\u00e9es sont\n    enregistr\u00e9es m\u00eame quand l\u0027option \u0027Navigation priv\u00e9e\u0027 est activ\u00e9e ;\n-   plusieurs vuln\u00e9rabilit\u00e9s permettent une injection de code indirecte\n    \u00e0 distance;\n-   des cookies peuvent \u00eatre r\u00e9v\u00e9l\u00e9s \u00e0 un site ill\u00e9gitime.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-0602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0602"
    },
    {
      "name": "CVE-2012-0589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0589"
    },
    {
      "name": "CVE-2012-0597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0597"
    },
    {
      "name": "CVE-2011-2860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2860"
    },
    {
      "name": "CVE-2011-2855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2855"
    },
    {
      "name": "CVE-2012-0628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0628"
    },
    {
      "name": "CVE-2012-0623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0623"
    },
    {
      "name": "CVE-2012-0588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0588"
    },
    {
      "name": "CVE-2012-0607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0607"
    },
    {
      "name": "CVE-2011-2867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2867"
    },
    {
      "name": "CVE-2012-0640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0640"
    },
    {
      "name": "CVE-2012-0613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0613"
    },
    {
      "name": "CVE-2011-2847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2847"
    },
    {
      "name": "CVE-2012-0630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0630"
    },
    {
      "name": "CVE-2011-2866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2866"
    },
    {
      "name": "CVE-2012-0587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0587"
    },
    {
      "name": "CVE-2011-2825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2825"
    },
    {
      "name": "CVE-2012-0586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0586"
    },
    {
      "name": "CVE-2011-2846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2846"
    },
    {
      "name": "CVE-2012-0608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0608"
    },
    {
      "name": "CVE-2012-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0590"
    },
    {
      "name": "CVE-2012-0606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0606"
    },
    {
      "name": "CVE-2012-0633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0633"
    },
    {
      "name": "CVE-2011-3885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3885"
    },
    {
      "name": "CVE-2012-0595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0595"
    },
    {
      "name": "CVE-2012-0596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0596"
    },
    {
      "name": "CVE-2012-0627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0627"
    },
    {
      "name": "CVE-2012-0626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0626"
    },
    {
      "name": "CVE-2012-0593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0593"
    },
    {
      "name": "CVE-2012-0617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0617"
    },
    {
      "name": "CVE-2012-0592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0592"
    },
    {
      "name": "CVE-2011-2873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2873"
    },
    {
      "name": "CVE-2012-0585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0585"
    },
    {
      "name": "CVE-2012-0611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0611"
    },
    {
      "name": "CVE-2012-0612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0612"
    },
    {
      "name": "CVE-2012-0599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0599"
    },
    {
      "name": "CVE-2012-0601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0601"
    },
    {
      "name": "CVE-2011-3928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3928"
    },
    {
      "name": "CVE-2012-0614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0614"
    },
    {
      "name": "CVE-2012-0616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0616"
    },
    {
      "name": "CVE-2012-0609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0609"
    },
    {
      "name": "CVE-2012-0621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0621"
    },
    {
      "name": "CVE-2012-0631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0631"
    },
    {
      "name": "CVE-2012-0600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0600"
    },
    {
      "name": "CVE-2011-2857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2857"
    },
    {
      "name": "CVE-2012-0584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0584"
    },
    {
      "name": "CVE-2011-2868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2868"
    },
    {
      "name": "CVE-2011-3909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3909"
    },
    {
      "name": "CVE-2012-0618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0618"
    },
    {
      "name": "CVE-2012-0622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0622"
    },
    {
      "name": "CVE-2011-2869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2869"
    },
    {
      "name": "CVE-2012-0624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0624"
    },
    {
      "name": "CVE-2012-0604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0604"
    },
    {
      "name": "CVE-2012-0620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0620"
    },
    {
      "name": "CVE-2012-0603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0603"
    },
    {
      "name": "CVE-2011-3888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3888"
    },
    {
      "name": "CVE-2012-0647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0647"
    },
    {
      "name": "CVE-2012-0637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0637"
    },
    {
      "name": "CVE-2012-0629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0629"
    },
    {
      "name": "CVE-2011-2854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2854"
    },
    {
      "name": "CVE-2012-0610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0610"
    },
    {
      "name": "CVE-2012-0648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0648"
    },
    {
      "name": "CVE-2012-0632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0632"
    },
    {
      "name": "CVE-2012-0619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0619"
    },
    {
      "name": "CVE-2011-2870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2870"
    },
    {
      "name": "CVE-2011-2833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2833"
    },
    {
      "name": "CVE-2012-0594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0594"
    },
    {
      "name": "CVE-2011-3908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3908"
    },
    {
      "name": "CVE-2012-0625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0625"
    },
    {
      "name": "CVE-2012-0605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0605"
    },
    {
      "name": "CVE-2011-2871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2871"
    },
    {
      "name": "CVE-2012-0635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0635"
    },
    {
      "name": "CVE-2012-0615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0615"
    },
    {
      "name": "CVE-2012-0636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0636"
    },
    {
      "name": "CVE-2012-0591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0591"
    },
    {
      "name": "CVE-2012-0639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0639"
    },
    {
      "name": "CVE-2011-3897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3897"
    },
    {
      "name": "CVE-2012-0598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0598"
    },
    {
      "name": "CVE-2011-2877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2877"
    },
    {
      "name": "CVE-2011-2872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2872"
    },
    {
      "name": "CVE-2012-0638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0638"
    },
    {
      "name": "CVE-2011-3887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3887"
    },
    {
      "name": "CVE-2011-3881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3881"
    }
  ],
  "initial_release_date": "2012-03-14T00:00:00",
  "last_revision_date": "2012-03-14T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-141",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-03-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De tr\u00e8s nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Safari, pour de\nnombreux impacts dont l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Safari",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT5190 du 12 mars 2012",
      "url": "http://support.apple.com/kb/HT5190"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2012-0647 (GCVE-0-2012-0647)

Vulnerability from cvelistv5

CERTA-2012-AVI-141

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature