{"vuid":"VU#128414","idnumber":"128414","name":"Apple Safari fails to properly handle form data in HTTP redirects","keywords":["Apple Safari","POST","GET","re-POST","forward button","back button","HTTP redirect"],"overview":"There is a vulnerability in the way Safari handles form data that may expose sensitive information when the forward/backward buttons are used.","clean_desc":"Apple Safari is a web browser available for the Mac OS X operating system. A vulnerability exists in the way Safari handles web form data. When a web form is submitted to a server using the POST method and the server returns an HTTP redirect to a GET method URL, Safari may re-POST that data to the GET method URL. It has been reported that this condition occurs when the forward/backward buttons are used. No further information was provided on this vulnerability.","impact":"A user's form data could be disclosed to a remote server.","resolution":"Apple has released a patch to address this vulnerability. For further details, please see the Apple Security Advisory (Security Updates for Mac OS X 10.3.5).","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by Apple. \nIn turn, Apple credits Rick Osterberg of Harvard University for reporting this issue.","author":"This document was written by Damon Morda.","public":["http://docs.info.apple.com/article.html?artnum=61798","http://www.securitytracker.com/alerts/2004/Aug/1010904.html","http://xforce.iss.net/xforce/xfdb/16944","http://secunia.com/advisories/12249/"],"cveids":["CVE-2004-0743"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-08-11T14:30:23Z","publicdate":"2004-08-10T00:00:00Z","datefirstpublished":"2004-08-16T20:34:51Z","dateupdated":"2004-08-16T20:34:55Z","revision":10,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"4","cam_population":"15","cam_impact":"8","cam_easeofexploitation":"2","cam_attackeraccessrequired":"17","cam_scorecurrent":"1.4535","cam_scorecurrentwidelyknown":"1.836","cam_scorecurrentwidelyknownexploited":"3.366","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":1.4535,"vulnote":null}