CVE-2009-1706
CVSS V2 Medium 5
CVSS V3 None
Description
The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie.
Overview
- CVE ID
- CVE-2009-1706
- Assigner
- cve@mitre.org
- Vulnerability Status
- Modified
- Published Version
- 2009-06-10T18:00:00
- Last Modified Date
- 2009-06-19T05:32:05
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:apple:safari:*:-:windows:*:*:*:*:* | 1 | OR | 3.2.3 | |
| cpe:2.3:a:apple:safari:3.0:-:windows:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:apple:safari:3.0.1:-:windows:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:apple:safari:3.0.2:-:windows:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:apple:safari:3.0.3:-:windows:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:apple:safari:3.0.4:-:windows:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:apple:safari:3.1:-:windows:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:apple:safari:3.1.1:-:windows:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:apple:safari:3.1.2:-:windows:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:apple:safari:3.2:-:windows:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:apple:safari:3.2.1:-:windows:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:apple:safari:3.2.2:-:windows:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- NONE
- Availability Impact
- NONE
- Base Score
- 5
- Severity
- MEDIUM
- Exploitability Score
- 10
- Impact Score
- 2.9
References
| Reference URL | Reference Tags |
|---|---|
| http://www.vupen.com/english/advisories/2009/1522 | Patch Vendor Advisory |
| http://secunia.com/advisories/35379 | Vendor Advisory |
| http://www.securityfocus.com/bid/35260 | Exploit Patch |
| http://support.apple.com/kb/HT3613 | Patch Vendor Advisory |
| http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html | Patch Vendor Advisory |
| http://www.securityfocus.com/bid/35346 | |
| http://osvdb.org/54997 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2009-1706 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1706 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 11:15:03 | Added to TrackCVE |