CVE-2010-1384

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 11-06-2010 08:00

Last modified: - 14-11-2022 06:02

Total changes: - 2

Description

Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not provide a warning about a (1) http or (2) https URL that contains a username and password, which makes it easier for remote attackers to conduct phishing attacks via a crafted URL.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:P/I:N/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

Low

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

4.3

Base score

8.6

2.9

Exploitability score

Impact score

Verification logic

Reference

1024067-
ADV-2010-1373-Patch, Vendor Advisory
40620-Patch
40105-Vendor Advisory
APPLE-SA-2010-06-07-1-Patch, Vendor Advisory
http://support.apple.com/kb/HT4196
http://support.apple.com/kb/HT4225
APPLE-SA-2010-06-21-1-
APPLE-SA-2010-11-22-1-
http://support.apple.com/kb/HT4456
JVNDB-2010-001538-
JVN#46026251-
42314-
oval:org.mitre.oval:def:6812-

Keywords

CVE-2010-1384

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2010-1384

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures