What is the severity of CVE-2010-1406?

CVE-2010-1406 has a Medium severity rating due to the potential exposure of sensitive information.

How do I fix CVE-2010-1406?

To fix CVE-2010-1406, upgrade to a version of Apple Safari that is newer than 5.0 for Mac OS X and 4.1 for earlier versions.

Which versions of Apple Safari are affected by CVE-2010-1406?

CVE-2010-1406 affects versions of Apple Safari prior to 5.0 on Mac OS X 10.5 through 10.6 and prior to 4.1 on Mac OS X 10.4.

What type of vulnerability is CVE-2010-1406?

CVE-2010-1406 is a vulnerability related to the improper handling of the Referer header during HTTP redirects.

Who is affected by CVE-2010-1406?

Users of Apple Safari on Mac and Windows who are using versions before the specified patched releases are affected by CVE-2010-1406.

Vulnerability/
CVE-2010-1406

medium

4.3

CWE

200

11/6/2010

7/8/2024

CVE-2010-1406: Infoleak

First published: Fri Jun 11 2010(Updated: )

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging, a related issue to CVE-2010-0660.

Credit: product-security@apple.com

Affected Software	Affected Version	How to fix
Apple Safari	<=4.0.5
Apple Safari	=4.0
Apple Safari	=4.0.0b
Apple Safari	=4.0.1
Apple Safari	=4.0.2
Apple Safari	=4.0.3
Apple Safari	=4.0.4
Apple Webkit
macOS Yosemite	=10.5
macOS Yosemite	=10.5.0
macOS Yosemite	=10.5.1
macOS Yosemite	=10.5.2
macOS Yosemite	=10.5.3
macOS Yosemite	=10.5.4
macOS Yosemite	=10.5.5
macOS Yosemite	=10.5.6
macOS Yosemite	=10.5.7
macOS Yosemite	=10.5.8
macOS Yosemite	=10.6.0
macOS Yosemite	=10.6.1
macOS Yosemite	=10.6.2
macOS Yosemite	=10.6.3
Apple Mac OS X Server	=10.5
Apple Mac OS X Server	=10.5.0
Apple Mac OS X Server	=10.5.1
Apple Mac OS X Server	=10.5.2
Apple Mac OS X Server	=10.5.3
Apple Mac OS X Server	=10.5.4
Apple Mac OS X Server	=10.5.5
Apple Mac OS X Server	=10.5.6
Apple Mac OS X Server	=10.5.7
Apple Mac OS X Server	=10.5.8
Apple Mac OS X Server	=10.6.0
Apple Mac OS X Server	=10.6.1
Apple Mac OS X Server	=10.6.2
Apple Mac OS X Server	=10.6.3
Microsoft Windows 7
Microsoft Windows Vista
Microsoft Windows XP	=sp2
Microsoft Windows XP	=sp3
macOS Yosemite	=10.4
macOS Yosemite	=10.4.0
macOS Yosemite	=10.4.1
macOS Yosemite	=10.4.2
macOS Yosemite	=10.4.3
macOS Yosemite	=10.4.4
macOS Yosemite	=10.4.5
macOS Yosemite	=10.4.6
macOS Yosemite	=10.4.7
macOS Yosemite	=10.4.8
macOS Yosemite	=10.4.9
macOS Yosemite	=10.4.10
macOS Yosemite	=10.4.11
Apple Mac OS X Server	=10.4
Apple Mac OS X Server	=10.4.0
Apple Mac OS X Server	=10.4.1
Apple Mac OS X Server	=10.4.2
Apple Mac OS X Server	=10.4.3
Apple Mac OS X Server	=10.4.4
Apple Mac OS X Server	=10.4.5
Apple Mac OS X Server	=10.4.6
Apple Mac OS X Server	=10.4.7
Apple Mac OS X Server	=10.4.8
Apple Mac OS X Server	=10.4.9
Apple Mac OS X Server	=10.4.10
Apple Mac OS X Server	=10.4.11

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-1406?
CVE-2010-1406 has a Medium severity rating due to the potential exposure of sensitive information.
How do I fix CVE-2010-1406?
To fix CVE-2010-1406, upgrade to a version of Apple Safari that is newer than 5.0 for Mac OS X and 4.1 for earlier versions.
Which versions of Apple Safari are affected by CVE-2010-1406?
CVE-2010-1406 affects versions of Apple Safari prior to 5.0 on Mac OS X 10.5 through 10.6 and prior to 4.1 on Mac OS X 10.4.
What type of vulnerability is CVE-2010-1406?
CVE-2010-1406 is a vulnerability related to the improper handling of the Referer header during HTTP redirects.
Who is affected by CVE-2010-1406?
Users of Apple Safari on Mac and Windows who are using versions before the specified patched releases are affected by CVE-2010-1406.

collector/nvd-historical
agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/references
agent/weakness
agent/author
agent/remedy
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
vendor/apple
canonical/apple safari
version/apple safari/4.0.5
version/apple safari/4.0
version/apple safari/4.0.0b
version/apple safari/4.0.1
version/apple safari/4.0.2
version/apple safari/4.0.3
version/apple safari/4.0.4
canonical/apple webkit
canonical/macos yosemite
version/macos yosemite/10.5
version/macos yosemite/10.5.0
version/macos yosemite/10.5.1
version/macos yosemite/10.5.2
version/macos yosemite/10.5.3
version/macos yosemite/10.5.4
version/macos yosemite/10.5.5
version/macos yosemite/10.5.6
version/macos yosemite/10.5.7
version/macos yosemite/10.5.8
version/macos yosemite/10.6.0
version/macos yosemite/10.6.1
version/macos yosemite/10.6.2
version/macos yosemite/10.6.3
canonical/apple mac os x server
version/apple mac os x server/10.5
version/apple mac os x server/10.5.0
version/apple mac os x server/10.5.1
version/apple mac os x server/10.5.2
version/apple mac os x server/10.5.3
version/apple mac os x server/10.5.4
version/apple mac os x server/10.5.5
version/apple mac os x server/10.5.6
version/apple mac os x server/10.5.7
version/apple mac os x server/10.5.8
version/apple mac os x server/10.6.0
version/apple mac os x server/10.6.1
version/apple mac os x server/10.6.2
version/apple mac os x server/10.6.3
vendor/microsoft
canonical/microsoft windows 7
canonical/microsoft windows vista
canonical/microsoft windows xp
version/microsoft windows xp/sp2
version/microsoft windows xp/sp3
version/macos yosemite/10.4
version/macos yosemite/10.4.0
version/macos yosemite/10.4.1
version/macos yosemite/10.4.2
version/macos yosemite/10.4.3
version/macos yosemite/10.4.4
version/macos yosemite/10.4.5
version/macos yosemite/10.4.6
version/macos yosemite/10.4.7
version/macos yosemite/10.4.8
version/macos yosemite/10.4.9
version/macos yosemite/10.4.10
version/macos yosemite/10.4.11
version/apple mac os x server/10.4
version/apple mac os x server/10.4.0
version/apple mac os x server/10.4.1
version/apple mac os x server/10.4.2
version/apple mac os x server/10.4.3
version/apple mac os x server/10.4.4
version/apple mac os x server/10.4.5
version/apple mac os x server/10.4.6
version/apple mac os x server/10.4.7
version/apple mac os x server/10.4.8
version/apple mac os x server/10.4.9
version/apple mac os x server/10.4.10
version/apple mac os x server/10.4.11

CVE-2010-1406: Infoleak

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2010-1406?

How do I fix CVE-2010-1406?

Which versions of Apple Safari are affected by CVE-2010-1406?

What type of vulnerability is CVE-2010-1406?

Who is affected by CVE-2010-1406?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2010-1406?

How do I fix CVE-2010-1406?

Which versions of Apple Safari are affected by CVE-2010-1406?

What type of vulnerability is CVE-2010-1406?

Who is affected by CVE-2010-1406?