CVE-2013-5167 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2013-5167

CWE

https://cwe.mitre.org/data/definitions/16.html

CFNetwork in Apple Mac OS X before 10.9 does not properly support Safaris deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users via Set-Cookie HTTP headers.

Affected Software

Name	Vendor	Start Version	End Version
Mac_os_x	Apple	*	10.8.5 (including)
Mac_os_x	Apple	10.8.0 (including)	10.8.0 (including)
Mac_os_x	Apple	10.8.1 (including)	10.8.1 (including)
Mac_os_x	Apple	10.8.2 (including)	10.8.2 (including)
Mac_os_x	Apple	10.8.3 (including)	10.8.3 (including)
Mac_os_x	Apple	10.8.4 (including)	10.8.4 (including)
Mac_os_x	Apple	10.8.5 (including)	10.8.5 (including)

References

http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html