loader/DocumentThreadableLoader.cpp in the XMLHttpRequest implementation in WebCore in WebKit before r58409 does not properly handle credentials during a cross-origin synchronous request, which has unspecified impact and remote attack vectors, aka rdar problem 7905150.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2010-08-19 15:00
Updated : 2011-03-17 19:49
NVD link : CVE-2010-1760
Mitre link : CVE-2010-1760
JSON object : View
CWE
CWE-255
Credentials Management Errors
Products Affected
apple
- webkit