NVD Vulnerability Detail

CVE-2010-0044

Summary	PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed.
Summary	Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html 'PubSub CVE-ID: CVE-2010-0044 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.1 or later, Mac OS X Server v10.6.1 or later, Windows 7, Vista, XP Impact: Visiting or updating a feed may result in a cookie being set, even if Safari is configured to block cookies Description: An implementation issue exists in the handling of cookies set by RSS and Atom feeds. Visiting or updating a feed may result in a cookie being set, even if Safari is configured to block cookies via the "Accept Cookies" preference. This update addresses the issue by respecting the preference while updating or viewing feeds.'
Summary	Per: http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html 'Safari 4.0.5 is available via the Apple Software Update application, or Apple's Safari download site at: http://www.apple.com/safari/download/'
Publication Date	March 15, 2010, 10:28 p.m.
Registration Date	Jan. 29, 2021, 10:55 a.m.
Last Update	Sept. 19, 2017, 10:30 a.m.

Affected software configurations

Related information, measures and tools

No	URL	refsource	タグ
1	http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html	APPLE	Vendor Advisory
2	http://osvdb.org/62937	OSVDB
3	http://support.apple.com/kb/HT4070	CONFIRM	Vendor Advisory
4	http://www.securityfocus.com/bid/38671	BID	Patch
5	http://www.securityfocus.com/bid/38675	BID	Patch
6	https://exchange.xforce.ibmcloud.com/vulnerabilities/56830	XF
7	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7051	OVAL

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-16	環境設定	https://cwe.mitre.org/data/definitions/16.html

JVN Vulnerability Information

Apple Safari の PubSub における Cookie が設定される脆弱性

Title	Apple Safari の PubSub における Cookie が設定される脆弱性
Summary	Apple Safari の PubSub には、Cookie をブロックする実装が適切でないため、RSS または Atom フィードを介して Cookie が設定される脆弱性が存在します。
Possible impacts	リモートのウェブサーバにより、RSS または Atom フィードを介して Cookie が設定される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	March 15, 2010, midnight
Registration Date	March 25, 2010, 11:49 a.m.
Last Update	March 25, 2010, 11:49 a.m.

Affected System

アップル

Apple Mac OS X v10.4.11

Apple Mac OS X v10.5.8

Apple Mac OS X v10.6.1 以降

Apple Mac OS X Server v10.4.11

Apple Mac OS X Server v10.5.8

Apple Mac OS X Server v10.6.1 以降

Safari 4.0.5 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2010-0044	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0044
National Vulnerability Database (NVD)
2	CVE-2010-0044	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0044

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-16	https://jvndb.jvn.jp/ja/cwe/CWE-16.html

ベンダー情報

No	Name	URL
Apple Security Updates
1	HT4070	http://support.apple.com/kb/HT4070
Apple セキュリティアップデート
2	HT4070	http://support.apple.com/kb/HT4070?viewlocale=ja_JP

その他

No	Name	URL
SecurityFocus
1	38675	http://www.securityfocus.com/bid/38675

Change Log

No	Changed Details	Date of change
0	[2010年03月25日] 掲載	Feb. 17, 2018, 10:37 a.m.