FKIE_CVE-2008-3644

Vulnerability from fkie_nvd - Published: 2008-11-17 18:18 - Updated: 2025-04-09 00:30
Severity ?
Summary
Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser's page cache.
References
cve@mitre.orghttp://lists.apple.com/archives/security-announce//2008/Nov/msg00001.htmlVendor Advisory
cve@mitre.orghttp://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html
cve@mitre.orghttp://secunia.com/advisories/32706
cve@mitre.orghttp://secunia.com/advisories/32756
cve@mitre.orghttp://support.apple.com/kb/HT3298Vendor Advisory
cve@mitre.orghttp://support.apple.com/kb/HT3318
cve@mitre.orghttp://www.securityfocus.com/bid/32291
cve@mitre.orghttp://www.securitytracker.com/id?1021226
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/3232
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32706
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/32756
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT3298Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT3318
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/32291
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1021226
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/3232
Impacted products
Vendor Product Version
apple safari *
apple safari *
apple safari 0.8
apple safari 0.9
apple safari 1.0
apple safari 1.0
apple safari 1.0
apple safari 1.0.3
apple safari 1.1
apple safari 1.1.1
apple safari 1.2
apple safari 1.2.1
apple safari 1.2.2
apple safari 1.2.3
apple safari 1.2.4
apple safari 1.2.5
apple safari 1.3
apple safari 1.3.1
apple safari 1.3.2
apple safari 2
apple safari 2.0
apple safari 2.0.1
apple safari 2.0.2
apple safari 2.0.3
apple safari 2.0.3_417.9.3
apple safari 2.0.4
apple safari 2.0.4_419.3
apple safari 2.0_pre
apple safari 3
apple safari 3.0
apple safari 3.0
apple safari 3.0.1
apple safari 3.0.1
apple safari 3.0.2
apple safari 3.0.2
apple safari 3.0.3
apple safari 3.0.3
apple safari 3.0.4
apple safari 3.0.4_beta
apple safari 3.0.4_beta
apple safari 3.1
apple safari 3.1.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:windows:*:*:*:*:*",
              "matchCriteriaId": "7EDB7C2F-79A9-486A-BC40-736DE867E48C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40BC89F2-6654-4A53-8B1E-0A9832DCDE68",
              "versionEndIncluding": "3.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "09F4ADD0-449B-4DDD-9878-DE86CBD56756",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E0AECB7-FE62-4664-B3B8-8161DA6DA4BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A419AE8-F5A2-4E25-9004-AAAB325E201A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "64FE1AA1-32D1-4825-8B2B-E66093937D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "E760CD65-A10E-44F1-B835-DA6B77057C93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C87EDB53-FB6E-4B10-B890-A7195D841C5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "857C92E2-6870-409A-9457-75F8C5C7B959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "834EC299-2010-4306-8CEE-35D735583101",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "443FF271-A3AB-4659-80B2-89F771BF5371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3112AFEB-7893-467C-8B45-A44D5697BB79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FC83309-3A97-4619-B5C1-574610838BC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "891514D5-50C8-4EDC-81C5-24ABF8BCC022",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "25032A3A-9D05-4E69-9A22-C9B332976769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF75A31C-FE42-4CB4-A0E6-0CAB7B122483",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EDD80AB-2A6C-47FF-A1E9-DEB273C6B4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9315ADD-5B97-4639-9B59-806EFD7BC247",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7DD81AB-27D6-4CB0-BBF0-5710DAD55A3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E44913D-BC8B-4AA1-84EB-EFEAC531B475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D3889ED-9329-4C84-A173-2553BEAE3EDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E0E57D5-A7C9-4985-8CE4-E0D4B8BBF371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "06494FA8-F12A-435A-97A4-F38C58DF43F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1BB047B-D45E-4695-AAEB-D0830DB1663E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0.3_417.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "61652033-FD15-47D6-8B18-CF28E6CE346C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFDCF83E-620C-40FA-9901-5D939E315143",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0.4_419.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6D113B5-070D-4F91-AB5E-222D71C90EDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0_pre:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E86DEDD-ABDC-46BD-BAD3-A409635F7801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3BAE980-449F-4F8C-A5BC-6CB7226E971A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A33F900-D405-40A8-A0A5-3C80320FF6E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0:*:windows:*:*:*:*:*",
              "matchCriteriaId": "A588615E-EE35-4E19-8BDA-598ED9664686",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CEB23DE-1A9D-480E-8B8B-9F110A8ABDE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*",
              "matchCriteriaId": "3E61C168-482B-412A-97E8-B1C651797EDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "84E78F43-07BD-4D62-9512-DA738A92BC7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.2:*:windows:*:*:*:*:*",
              "matchCriteriaId": "32024B14-B4F7-466E-AEF2-0D3A7E8E1060",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3180366-2240-467E-8AB9-BEA0430948F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.3:*:windows:*:*:*:*:*",
              "matchCriteriaId": "D137F48A-E670-4BDB-B003-C6BB2A33F250",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AB9CC52-E533-4306-9E92-73C84B264D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.4_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "02C814DE-1884-4F3E-944D-068F7FD55B70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.4_beta:*:windows:*:*:*:*:*",
              "matchCriteriaId": "4201B398-4223-4731-9645-445231909295",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "912A26D1-3264-464F-B101-1796B35437E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C453B588-15FD-4A9C-8BC1-6202A21DAE02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apple Safari before 3.2 does not properly prevent caching of form data for form fields that have autocomplete disabled, which allows local users to obtain sensitive information by reading the browser\u0027s page cache."
    },
    {
      "lang": "es",
      "value": "Apple Safari anterior a v3.2. no previene de forma adecuada el cambio de los datos del formulario para campos de formulario que tienen autocompletar desactivado; esto permite a usuarios locales obtener informaci\u00f3n sensible al leer la p\u00e1gina cacheada en el navegador."
    }
  ],
  "id": "CVE-2008-3644",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-11-17T18:18:47.860",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/32706"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/32756"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3298"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT3318"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/32291"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1021226"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/3232"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32706"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32756"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT3298"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3318"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/32291"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021226"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/3232"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.