Vulnerability Note VU#128414
Apple Safari fails to properly handle form data in HTTP redirects
There is a vulnerability in the way Safari handles form data that may expose sensitive information when the forward/backward buttons are used.
Apple Safari is a web browser available for the Mac OS X operating system. A vulnerability exists in the way Safari handles web form data. When a web form is submitted to a server using the POST method and the server returns an HTTP redirect to a GET method URL, Safari may re-POST that data to the GET method URL. It has been reported that this condition occurs when the forward/backward buttons are used. No further information was provided on this vulnerability.
A user's form data could be disclosed to a remote server.
Apple has released a patch to address this vulnerability. For further details, please see the Apple Security Advisory (Security Updates for Mac OS X 10.3.5).
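A server-side check for the re-POST behaviour described above, as an added example that is not part of the original note: it scans an access log for a client that sends a POST with a body to a URL previously handed to that same client as the redirect target of a form submission. The log format, field order, function names and sample lines are constructed assumptions, not taken from any Apple or CERT material.

```python
from urllib.parse import urlsplit

# Redirect codes after which a browser is expected to follow up with a GET.
# 307/308 are left out because they deliberately preserve the POST method.
POST_TO_GET_REDIRECTS = {301, 302, 303}

# Constructed sample log (assumed format):
# client  method  path  status  Location-or-dash  request-body-bytes
SAMPLE_LOG = """\
10.0.0.5 POST /login 302 /welcome 48
10.0.0.5 GET /welcome 200 - 0
10.0.0.5 GET /news 200 - 0
10.0.0.5 POST /welcome 200 - 48
10.0.0.9 POST /login 302 /welcome 51
10.0.0.9 GET /welcome 200 - 0
10.0.0.7 POST /search 200 - 12
"""

def parse_line(line):
    """Split one constructed log line into typed fields."""
    client, method, path, status, location, body = line.split()
    return client, method, path, int(status), location, int(body)

def find_reposts(log_text):
    """Return (client, path, body_bytes) for each POST carrying a body that
    arrives at a path earlier issued to that client as a POST redirect target."""
    issued = {}    # client -> set of redirect target paths
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, method, path, status, location, body = parse_line(line)
        if method == "POST":
            # Form data landing on a URL meant to be fetched with GET.
            if body > 0 and path in issued.get(client, set()):
                findings.append((client, path, body))
            # Remember where this form submission redirected the client.
            if status in POST_TO_GET_REDIRECTS and location != "-":
                issued.setdefault(client, set()).add(urlsplit(location).path)
    return findings

if __name__ == "__main__":
    for client, path, size in find_reposts(SAMPLE_LOG):
        print(f"{client} re-POSTed {size} bytes of form data to {path}")
```

A redirect target that only expects GET can also reject POST requests outright, so that resubmitted form data is never processed.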
Systems Affected

|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|Apple Computer Inc.|Affected|-|16 Aug 2004|
This vulnerability was reported by Apple. In turn, Apple credits Rick Osterberg of Harvard University for reporting this issue.
This document was written by Damon Morda.
- CVE IDs: CAN-2004-0743
- Date Public: 10 Aug 2004
- Date First Published: 16 Aug 2004
- Date Last Updated: 16 Aug 2004
- Severity Metric: 1.45
- Document Revision: 7