Vulnerability Details : CVE-2011-0159
The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does not properly implement the clearing of cookies during execution of the Safari application, which might make it easier for remote web servers to track users by setting a cookie.
Vulnerability category: Input validation
Exploit prediction scoring system (EPSS) score for CVE-2011-0159
Probability of exploitation activity in the next 30 days: 0.30%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 69 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-0159
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2011-0159
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0159
-
http://www.securitytracker.com/id?1025182
Apple iOS Bugs Let Remote Users Deny Service and Obtain Potentially Sensitive Information - SecurityTracker
-
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
Apple - Lists.apple.comVendor Advisory
-
http://www.securityfocus.com/bid/46810
Apple iOS Mobile Safari Cookie Clearing Security Bypass Vulnerability
-
http://support.apple.com/kb/HT4564
About the security content of iOS 4.3 - Apple SupportVendor Advisory
Products affected by CVE-2011-0159
- cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:4.2:*:*:*:*:*:*:*