CVE-2008-3644

low

Description

Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache.

References

http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html

http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html

http://secunia.com/advisories/32706

http://secunia.com/advisories/32756

http://support.apple.com/kb/HT3298

http://support.apple.com/kb/HT3318

http://www.securityfocus.com/bid/32291

http://www.securitytracker.com/id?1021226

http://www.vupen.com/english/advisories/2008/3232

Details

Source: MITRE

Published: 2008-11-17

Updated: 2012-10-31

Type: CWE-200

Risk Information

CVSS v2

Base Score: 1.9

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.4

Severity: LOW