CVE-2010-0051 — Improper Input Validation in Apple Safari

CWE-20 — Improper Input Validation6 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

2.4%

top 14.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari

Timeline

PublishedMar 15

Latest updateMay 2

Description

WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDapple/safari4.0.4+5

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-9j9x-qw8r-p5pq: WebKit in Apple Safari before 4↗2022-05-02

▶

📋Vendor Advisories

Red Hat

webkit: remote information disclosure↗2009-01-26

▶

💬Community

Bugzilla

CVE-2010-4225 mod_mono: remote source code exposure flaw↗2011-01-12

▶

Bugzilla

CVE-2010-0046, CVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0052, CVE-2010-0053, CVE-2010-0054 qt, webkitgtk: multiple security vulnerabilities in WebKit↗2010-03-03

▶

Bugzilla

CVE-2010-0651 webkit: remote information disclosure↗2010-02-24

▶