The WebKit component in Safari in Apple iPhone OS prior to 3.1, and iPhone OS prior to 3.1.1 for iPod touch, does not remove usernames and passwords from URLs sent in Referer headers, which allows remote malicious users to obtain sensitive information by reading Referer logs on a web server.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple iphone os |
||
canonical ubuntu linux 9.10 |
||
canonical ubuntu linux 10.04 |
||
canonical ubuntu linux 10.10 |