Overview
There is a vulnerability in the way Safari handles form data that may expose sensitive information when the forward/backward buttons are used.
Description
Apple Safari is a web browser available for the Mac OS X operating system. A vulnerability exists in the way Safari handles web form data. When a web form is submitted to a server using the POST method and the server returns an HTTP redirect to a GET method URL, Safari may re-POST that data to the GET method URL. It has been reported that this condition occurs when the forward/backward buttons are used. No further information was provided on this vulnerability.
Impact
A user's form data could be disclosed to a remote server.
Solution
Apple has released a patch to address this vulnerability. For further details, please see the Apple Security Advisory (Security Updates for Mac OS X 10.3.5).
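A site operator can check request logs for the behaviour described above: a POST carrying a body that arrives at a URL the same client was previously redirected to after a form POST. The following is an added example, not part of the original advisory or Apple's fix; the record fields (`t`, `client`, `method`, `url`, `status`, `location`, `body_len`), the sample data, and the 30-minute window are assumptions, and it only sees redirect targets on hosts whose logs you hold.

```python
from urllib.parse import urljoin

# After these codes browsers follow with GET; 307/308 preserve the method,
# so a POST to their target is expected and is not flagged.
GET_REDIRECTS = {301, 302, 303}

# Constructed sample records (not real traffic). Field names are hypothetical.
SAMPLE = [
    {"t": 100, "client": "10.0.0.5", "method": "POST", "url": "https://shop.example/checkout",
     "status": 303, "location": "/receipt?id=7", "body_len": 412},
    {"t": 101, "client": "10.0.0.5", "method": "GET", "url": "https://shop.example/receipt?id=7",
     "status": 200, "location": None, "body_len": 0},
    {"t": 160, "client": "10.0.0.5", "method": "POST", "url": "https://shop.example/receipt?id=7",
     "status": 200, "location": None, "body_len": 412},
    {"t": 200, "client": "10.0.0.9", "method": "POST", "url": "https://shop.example/upload",
     "status": 307, "location": "/upload2", "body_len": 90},
    {"t": 201, "client": "10.0.0.9", "method": "POST", "url": "https://shop.example/upload2",
     "status": 200, "location": None, "body_len": 90},
]

def find_reposts(records, window=1800):
    """Return POSTs with a body sent to a URL that the same client was
    earlier redirected to (with a GET-style redirect) after a form POST."""
    pending = {}   # (client, absolute redirect target) -> redirecting record
    findings = []
    for r in sorted(records, key=lambda rec: rec["t"]):
        src = pending.get((r["client"], r["url"]))
        if (src and r["t"] - src["t"] <= window
                and r["method"] == "POST" and r["body_len"] > 0):
            findings.append({"client": r["client"], "form_url": src["url"],
                             "target": r["url"], "t": r["t"],
                             "body_len": r["body_len"]})
        if r["method"] == "POST" and r["status"] in GET_REDIRECTS and r["location"]:
            # Location may be relative; resolve it against the request URL.
            target = urljoin(r["url"], r["location"])
            pending[(r["client"], target)] = r
    return findings

if __name__ == "__main__":
    for f in find_reposts(SAMPLE):
        print(f)
```
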
Acknowledgements
This vulnerability was reported by Apple. In turn, Apple credits Rick Osterberg of Harvard University for reporting this issue.
This document was written by Damon Morda.
Other Information
| CVE IDs: | CVE-2004-0743 |
| Severity Metric: | 1.45 |
| Date Public: | 2004-08-10 |
| Date First Published: | 2004-08-16 |
| Date Last Updated: | 2004-08-16 20:34 UTC |
| Document Revision: | 10 |