ID

VAR-201011-0211


CVE

CVE-2010-1834


TITLE

User-trackable vulnerability in CFNetwork on Apple Mac OS X

Trust: 0.8

sources: JVNDB: JVNDB-2010-002414

DESCRIPTION

CFNetwork in Apple Mac OS X 10.6.x before 10.6.5 does not properly validate the domains of cookies, which makes it easier for remote web servers to track users by setting a cookie that is associated with a partial IP address.

Apple Mac OS X is prone to a security vulnerability in the CFNetwork component. Specifically, the application allows cookies to be set with a partial IP. This issue affects Mac OS X 10.6 to 10.6.4 and Mac OS X Server 10.6 to 10.6.4. NOTE: This issue was previously covered in BID 44778 (Apple Mac OS X Prior to 10.6.5 Multiple Security Vulnerabilities), but has been given its own record to better document it.

CFNetwork is a low-level, high-performance framework that extends BSD sockets. It lets users flexibly manipulate the protocol stack and provides standardized abstract APIs that simplify tasks such as interacting with FTP and HTTP servers and resolving DNS hosts.

Trust: 2.07

sources: NVD: CVE-2010-1834 // JVNDB: JVNDB-2010-002414 // BID: 44811 // VULHUB: VHN-44439 // VULMON: CVE-2010-1834

AFFECTED PRODUCTS

vendor:apple // model:mac os x // scope:eq // version:10.6.3

Trust: 1.6

vendor:apple // model:mac os x // scope:eq // version:10.6.2

Trust: 1.6

vendor:apple // model:mac os x // scope:eq // version:10.6.4

Trust: 1.6

vendor:apple // model:mac os x server // scope:eq // version:10.6.2

Trust: 1.6

vendor:apple // model:mac os x // scope:eq // version:10.6.1

Trust: 1.6

vendor:apple // model:mac os x server // scope:eq // version:10.6.3

Trust: 1.6

vendor:apple // model:mac os x server // scope:eq // version:10.6.4

Trust: 1.6

vendor:apple // model:mac os x server // scope:eq // version:10.6.1

Trust: 1.6

vendor:apple // model:mac os x // scope:eq // version:10.6.0

Trust: 1.6

vendor:apple // model:mac os x server // scope:eq // version:10.6.0

Trust: 1.6

vendor:apple // model:mac os x // scope:eq // version:v10.6 to v10.6.4

Trust: 0.8

vendor:apple // model:mac os x server // scope:eq // version:v10.6 to v10.6.4

Trust: 0.8

vendor:apple // model:mac os server // scope:eq // version:x10.6.4

Trust: 0.3

vendor:apple // model:mac os server // scope:eq // version:x10.6.3

Trust: 0.3

vendor:apple // model:mac os server // scope:eq // version:x10.6.2

Trust: 0.3

vendor:apple // model:mac os server // scope:eq // version:x10.6.1

Trust: 0.3

vendor:apple // model:mac os server // scope:eq // version:x10.6

Trust: 0.3

vendor:apple // model:mac os // scope:eq // version:x10.6.4

Trust: 0.3

vendor:apple // model:mac os // scope:eq // version:x10.6.3

Trust: 0.3

vendor:apple // model:mac os // scope:eq // version:x10.6.2

Trust: 0.3

vendor:apple // model:mac os // scope:eq // version:x10.6.1

Trust: 0.3

vendor:apple // model:mac os // scope:eq // version:x10.6

Trust: 0.3

vendor:apple // model:mac os server // scope:ne // version:x10.6.5

Trust: 0.3

sources: BID: 44811 // JVNDB: JVNDB-2010-002414 // CNNVD: CNNVD-201011-152 // NVD: CVE-2010-1834

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-1834
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-1834
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201011-152
value: MEDIUM

Trust: 0.6

VULHUB: VHN-44439
value: MEDIUM

Trust: 0.1

VULMON: CVE-2010-1834
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-1834
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-44439
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-44439 // VULMON: CVE-2010-1834 // JVNDB: JVNDB-2010-002414 // CNNVD: CNNVD-201011-152 // NVD: CVE-2010-1834

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-44439 // JVNDB: JVNDB-2010-002414 // NVD: CVE-2010-1834

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201011-152

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201011-152

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-002414

PATCH

title:HT4435 // url:http://support.apple.com/kb/HT4435

Trust: 0.8

title:HT4435 // url:http://support.apple.com/kb/HT4435?viewlocale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2010-002414

EXTERNAL IDS

db:NVD // id:CVE-2010-1834

Trust: 2.9

db:SECTRACK // id:1024723

Trust: 1.2

db:JVNDB // id:JVNDB-2010-002414

Trust: 0.8

db:CNNVD // id:CNNVD-201011-152

Trust: 0.7

db:APPLE // id:APPLE-SA-2010-11-10-1

Trust: 0.6

db:BID // id:44811

Trust: 0.5

db:VULHUB // id:VHN-44439

Trust: 0.1

db:VULMON // id:CVE-2010-1834

Trust: 0.1

sources: VULHUB: VHN-44439 // VULMON: CVE-2010-1834 // BID: 44811 // JVNDB: JVNDB-2010-002414 // CNNVD: CNNVD-201011-152 // NVD: CVE-2010-1834

REFERENCES

url:http://lists.apple.com/archives/security-announce/2010//nov/msg00000.html

Trust: 1.8

url:http://support.apple.com/kb/ht4435

Trust: 1.8

url:http://www.securitytracker.com/id?1024723

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1834

Trust: 0.8

url:http://jvn.jp/cert/jvnvu331391

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1834

Trust: 0.8

url:http://www.apple.com/macosx/

Trust: 0.3

url:http://www.securityfocus.com/advisories/20899

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.securityfocus.com/bid/44811

Trust: 0.1

sources: VULHUB: VHN-44439 // VULMON: CVE-2010-1834 // BID: 44811 // JVNDB: JVNDB-2010-002414 // CNNVD: CNNVD-201011-152 // NVD: CVE-2010-1834

CREDITS

Apple.

Trust: 0.3

sources: BID: 44811

SOURCES

db:VULHUB // id:VHN-44439
db:VULMON // id:CVE-2010-1834
db:BID // id:44811
db:JVNDB // id:JVNDB-2010-002414
db:CNNVD // id:CNNVD-201011-152
db:NVD // id:CVE-2010-1834

LAST UPDATE DATE

2025-04-11T22:26:35.618000+00:00


SOURCES UPDATE DATE

db:VULHUB // id:VHN-44439 // date:2010-12-10T00:00:00
db:VULMON // id:CVE-2010-1834 // date:2010-12-10T00:00:00
db:BID // id:44811 // date:2010-11-12T21:27:00
db:JVNDB // id:JVNDB-2010-002414 // date:2010-11-26T00:00:00
db:CNNVD // id:CNNVD-201011-152 // date:2010-11-17T00:00:00
db:NVD // id:CVE-2010-1834 // date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:VULHUB // id:VHN-44439 // date:2010-11-15T00:00:00
db:VULMON // id:CVE-2010-1834 // date:2010-11-15T00:00:00
db:BID // id:44811 // date:2010-11-10T00:00:00
db:JVNDB // id:JVNDB-2010-002414 // date:2010-11-26T00:00:00
db:CNNVD // id:CNNVD-201011-152 // date:2010-11-17T00:00:00
db:NVD // id:CVE-2010-1834 // date:2010-11-15T23:00:04.377