ID

VAR-201110-0325


CVE

CVE-2011-3242


TITLE

User tracking vulnerability in the Private Browsing feature of Apple Safari running on Mac OS X

Trust: 0.8

sources: JVNDB: JVNDB-2011-002491

DESCRIPTION

The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X does not properly recognize the Always value of the Block Cookies setting, which makes it easier for remote web servers to track users via a cookie. WebKit is prone to a security-bypass vulnerability. This issue occurs when private browsing mode is enabled. Attackers can exploit this issue to bypass security restrictions. NOTE: This issue was previously discussed in BID 50089 (Apple Safari Prior to 5.1.1 Multiple Security Vulnerabilities) but has been given its own record to better document it. Apple Safari is a web browser developed by Apple and is the default browser included with the Mac OS X and iOS operating systems. A logic error in Safari's handling of cookies in Private Browsing mode causes cookies to be set even if "Block cookies" is set to "Always".

Trust: 1.98

sources: NVD: CVE-2011-3242 // JVNDB: JVNDB-2011-002491 // BID: 50180 // VULHUB: VHN-51187

AFFECTED PRODUCTS

vendor: apple // model: safari // scope: eq // version: 3.0.1b

Trust: 1.6

vendor: apple // model: safari // scope: eq // version: 3.0.3

Trust: 1.6

vendor: apple // model: safari // scope: eq // version: 3.0.2

Trust: 1.6

vendor: apple // model: safari // scope: eq // version: 3.0.2b

Trust: 1.6

vendor: apple // model: safari // scope: eq // version: 3.2.1

Trust: 1.6

vendor: apple // model: safari // scope: eq // version: 3.2.0b

Trust: 1.6

vendor: apple // model: safari // scope: eq // version: 3.2.0

Trust: 1.6

vendor: apple // model: safari // scope: eq // version: 5.0.6

Trust: 1.3

vendor: apple // model: safari // scope: eq // version: 5.0.5

Trust: 1.3

vendor: apple // model: safari // scope: eq // version: 5.0.4

Trust: 1.3

vendor: apple // model: safari // scope: eq // version: 5.0.3

Trust: 1.3

vendor: apple // model: safari // scope: eq // version: 5.0.2

Trust: 1.3

vendor: apple // model: safari // scope: eq // version: 5.0.1

Trust: 1.3

vendor: apple // model: safari // scope: eq // version: 5.0

Trust: 1.3

vendor: apple // model: safari // scope: eq // version: 5.1

Trust: 1.1

vendor: apple // model: safari // scope: eq // version: 1.0.3

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 3.0.0b

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 1.3.2

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 1.0.2

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 3.0.1

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 3.0.3b

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 3.1.2

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 3.1.2b

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 1.2.1

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 3.2.2b

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 1.0.0

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 4.1.1

Trust: 1.0

vendor: apple // model: safari // scope: lte // version: 5.1

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 3

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 4.0.2

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 3.0.0

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 1.2.2

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 3.1.0b

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 3.1.1

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 2

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 1.0.1

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 1.2.4

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 1.1

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 1.0.0b1

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 4.0.1

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 1.0b1

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: *

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 3.0.4

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 3.1.1b

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 2.0.3

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 4.1.2

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 1.1.0

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 1.2.0

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 4.0.0b

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 3.2.1b

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 4.0.5

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 2.0.0

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 4.0.3

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 3.1.0

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 4.0.4

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 4.1

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 1.3

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 2.0.1

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 4.0

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 2.0.2

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 1.0.0b2

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 1.2.5

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 3.0.4b

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 1.2.3

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 1.2

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 1.3.1

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 1.1.1

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 1.3.0

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 3.2.2

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 3.0

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 2.0.4

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 2.0

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 1.0

Trust: 1.0

vendor: apple // model: mac os x // scope: eq // version: v10.6.8 and v10.7.2

Trust: 0.8

vendor: apple // model: mac os x server // scope: eq // version: v10.6.8 and v10.7.2

Trust: 0.8

vendor: webkit // model: open source project webkit // scope: eq // version: 1.2.5

Trust: 0.3

vendor: webkit // model: open source project webkit // scope: eq // version: 1.2.3

Trust: 0.3

vendor: webkit // model: open source project webkit // scope: eq // version: 1.2.2

Trust: 0.3

vendor: webkit // model: open source project webkit r82222 // scope: - // version: -

Trust: 0.3

vendor: webkit // model: open source project webkit r77705 // scope: - // version: -

Trust: 0.3

vendor: webkit // model: open source project webkit r52833 // scope: - // version: -

Trust: 0.3

vendor: webkit // model: open source project webkit r52401 // scope: - // version: -

Trust: 0.3

vendor: webkit // model: open source project webkit r51295 // scope: - // version: -

Trust: 0.3

vendor: webkit // model: open source project webkit r38566 // scope: - // version: -

Trust: 0.3

vendor: webkit // model: open source project webkit // scope: eq // version: 2

Trust: 0.3

vendor: webkit // model: open source project webkit // scope: eq // version: 1.2.x

Trust: 0.3

vendor: webkit // model: open source project webkit // scope: eq // version: 1.2.2-1

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.7.2

Trust: 0.3

vendor: apple // model: mac os server // scope: eq // version: x10.6.8

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.7.2

Trust: 0.3

vendor: apple // model: mac os // scope: eq // version: x10.6.8

Trust: 0.3

vendor: apple // model: safari // scope: ne // version: 5.1.1

Trust: 0.3

sources: BID: 50180 // JVNDB: JVNDB-2011-002491 // CNNVD: CNNVD-201110-327 // NVD: CVE-2011-3242

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-3242
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-3242
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201110-327
value: MEDIUM

Trust: 0.6

VULHUB: VHN-51187
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-3242
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-51187
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-51187 // JVNDB: JVNDB-2011-002491 // CNNVD: CNNVD-201110-327 // NVD: CVE-2011-3242

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-51187 // JVNDB: JVNDB-2011-002491 // NVD: CVE-2011-3242

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201110-327

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201110-327

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-002491

PATCH

title: HT5000 // url: http://support.apple.com/kb/HT5000

Trust: 0.8

title: SafariSetup // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=40900

Trust: 0.6

title: Safari5.1.1SnowLeopard // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=40899

Trust: 0.6

title: Safari5.1.1Lion // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=40898

Trust: 0.6

sources: JVNDB: JVNDB-2011-002491 // CNNVD: CNNVD-201110-327

EXTERNAL IDS

db: NVD // id: CVE-2011-3242

Trust: 2.8

db: OSVDB // id: 76391

Trust: 1.1

db: JVNDB // id: JVNDB-2011-002491

Trust: 0.8

db: CNNVD // id: CNNVD-201110-327

Trust: 0.7

db: APPLE // id: APPLE-SA-2011-10-12-4

Trust: 0.6

db: SECUNIA // id: 46412

Trust: 0.6

db: NSFOCUS // id: 17924

Trust: 0.6

db: BID // id: 50180

Trust: 0.4

db: VULHUB // id: VHN-51187

Trust: 0.1

sources: VULHUB: VHN-51187 // BID: 50180 // JVNDB: JVNDB-2011-002491 // CNNVD: CNNVD-201110-327 // NVD: CVE-2011-3242

REFERENCES

url: http://lists.apple.com/archives/security-announce/2011//oct/msg00004.html

Trust: 1.7

url: http://support.apple.com/kb/ht5000

Trust: 1.7

url: http://osvdb.org/76391

Trust: 1.1

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/70569

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3242

Trust: 0.8

url: http://jvn.jp/cert/jvnvu585859

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3242

Trust: 0.8

url: http://secunia.com/advisories/46412

Trust: 0.6

url: http://www.nsfocus.net/vulndb/17924

Trust: 0.6

url: http://www.apple.com/safari/

Trust: 0.3

url: http://www.webkit.org/

Trust: 0.3

sources: VULHUB: VHN-51187 // BID: 50180 // JVNDB: JVNDB-2011-002491 // CNNVD: CNNVD-201110-327 // NVD: CVE-2011-3242

CREDITS

John Adamczyk

Trust: 0.3

sources: BID: 50180

SOURCES

db: VULHUB // id: VHN-51187
db: BID // id: 50180
db: JVNDB // id: JVNDB-2011-002491
db: CNNVD // id: CNNVD-201110-327
db: NVD // id: CVE-2011-3242

LAST UPDATE DATE

2025-04-11T19:46:52.903000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-51187 // date: 2017-08-29T00:00:00
db: BID // id: 50180 // date: 2011-10-12T00:00:00
db: JVNDB // id: JVNDB-2011-002491 // date: 2011-10-25T00:00:00
db: CNNVD // id: CNNVD-201110-327 // date: 2011-11-07T00:00:00
db: NVD // id: CVE-2011-3242 // date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: VULHUB // id: VHN-51187 // date: 2011-10-14T00:00:00
db: BID // id: 50180 // date: 2011-10-12T00:00:00
db: JVNDB // id: JVNDB-2011-002491 // date: 2011-10-25T00:00:00
db: CNNVD // id: CNNVD-201110-327 // date: 2011-10-17T00:00:00
db: NVD // id: CVE-2011-3242 // date: 2011-10-14T10:55:09.637