WebKit in Apple Safari prior to 5.1.4 does not properly handle redirects in conjunction with HTTP authentication, which might allow remote web servers to capture credentials by logging the Authorization HTTP header.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
apple safari 3.0.1 |
||
apple safari 4.0.3 |
||
apple safari 3.2.2b |
||
apple safari 3.2.2 |
||
apple safari 3.0 |
||
apple safari 2.0.4 |
||
apple safari 1.3.2 |
||
apple safari 1.2 |
||
apple safari 1.3 |
||
apple safari 1.3.1 |
||
apple safari 5.1.1 |
||
apple safari 4.0.4 |
||
apple safari 2.0.3 |
||
apple safari 4.1.1 |
||
apple safari 5.0.2 |
||
apple safari 1.1.0 |
||
apple safari 1.0b1 |
||
apple safari 3.0.0b |
||
apple safari 3.0.0 |
||
apple safari 3.0.4 |
||
apple safari |
||
apple safari 3.1.0b |
||
apple safari 5.1 |
||
apple safari 3.2.1 |
||
apple safari 5.0.4 |
||
apple safari 3.2.1b |
||
apple safari 3.2.0 |
||
apple safari 5.0 |
||
apple safari 3.0.2 |
||
apple safari 3.0.3 |
||
apple safari 3.1.2 |
||
apple safari 1.2.1 |
||
apple safari 4.0.5 |
||
apple safari 1.1 |
||
apple safari 5.1.2 |
||
apple safari 4.1 |
||
apple safari 4.1.2 |
||
apple safari 2 |
||
apple safari 1.0.2 |
||
apple safari 1.0.1 |
||
apple safari 3.0.1b |
||
apple safari 3.0.4b |
||
apple safari 3.1.0 |
||
apple safari 3.1.1b |
||
apple safari 4.0.0b |
||
apple safari 4.0 |
||
apple safari 4.0.1 |
||
apple safari 2.0.2 |
||
apple safari 1.2.4 |
||
apple safari 1.2.5 |
||
apple safari 1.0 |
||
apple safari 1.0.3 |
||
apple safari 5.0.5 |
||
apple safari 1.3.0 |
||
apple safari 1.2.0 |
||
apple safari 3.0.3b |
||
apple safari 5.0.6 |
||
apple safari 3.2.0b |
||
apple safari 3.1.2b |
||
apple safari 3 |
||
apple safari 1.1.1 |
||
apple safari 2.0 |
||
apple safari 2.0.1 |
||
apple safari 1.2.2 |
||
apple safari 1.2.3 |
||
apple safari 4.0.2 |
||
apple safari 3.1.1 |
||
apple safari 5.0.1 |
||
apple safari 1.0.0 |
||
apple safari 1.0.0b2 |
||
apple safari 1.0.0b1 |
||
apple safari 2.0.0 |
||
apple safari 3.0.2b |
Vulmon