CVE-2009-1706 : The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie sto

The Private Browsing feature in Apple Safari before 4.0 on Windows does not remove cookies from the alternate cookie store in unspecified circumstances upon (1) disabling of the feature or (2) exit of the application, which makes it easier for remote web servers to track users via a cookie.

Published 2009-06-10 18:00:01

Updated 2009-06-19 05:32:06

Source MITRE

View at NVD, CVE.org

Vulnerability category: Information leak

Exploit prediction scoring system (EPSS) score for CVE-2009-1706

Probability of exploitation activity in the next 30 days: 0.33%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 68 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2009-1706

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2009-1706

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2009-1706

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

Patch;Vendor Advisory

CVEs referencing this url
http://support.apple.com/kb/HT3613

About the security content of Safari 4.0 - Apple Support
Patch;Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/35346
http://www.vupen.com/english/advisories/2009/1522

Webmail: access your OVH emails on ovhcloud.com | OVHcloud
Patch;Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/35260

Exploit;Patch

CVEs referencing this url

Products affected by CVE-2009-1706

Apple » Safari » Windows Edition
Versions up to, including, (<=) 3.2.3
cpe:2.3:a:apple:safari:*:-:windows:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.2.2 Windows Edition
cpe:2.3:a:apple:safari:3.2.2:-:windows:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.2 Windows Edition
cpe:2.3:a:apple:safari:3.2:-:windows:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.0.2 Windows Edition
cpe:2.3:a:apple:safari:3.0.2:-:windows:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.1.2 Windows Edition
cpe:2.3:a:apple:safari:3.1.2:-:windows:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.0.3 Windows Edition
cpe:2.3:a:apple:safari:3.0.3:-:windows:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.0.4 Windows Edition
cpe:2.3:a:apple:safari:3.0.4:-:windows:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.0 Windows Edition
cpe:2.3:a:apple:safari:3.0:-:windows:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.0.1 Windows Edition
cpe:2.3:a:apple:safari:3.0.1:-:windows:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.2.1 Windows Edition
cpe:2.3:a:apple:safari:3.2.1:-:windows:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.1 Windows Edition
cpe:2.3:a:apple:safari:3.1:-:windows:*:*:*:*:*
Matching versions
Apple » Safari » Version: 3.1.1 Windows Edition
cpe:2.3:a:apple:safari:3.1.1:-:windows:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2009-1706

Exploit prediction scoring system (EPSS) score for CVE-2009-1706

CVSS scores for CVE-2009-1706

CWE ids for CVE-2009-1706

References for CVE-2009-1706

Products affected by CVE-2009-1706