Unrated severityNVD Advisory· Published Nov 15, 2010· Updated Apr 29, 2026

CVE-2010-1834

Description

CFNetwork in Apple Mac OS X 10.6.x before 10.6.5 does not properly validate the domains of cookies, which makes it easier for remote web servers to track users by setting a cookie that is associated with a partial IP address.

Affected products

Apple Inc./Mac OS X6 versions
cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.6.4:*:*:*:*:*:*:*
- (no CPE)range: 10.6.x < 10.6.5
Apple Inc./Mac OS X Server5 versions
cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.6.4:*:*:*:*:*:*:*
Apple Inc./Cfnetworkllm-fuzzy
Range: 10.6.x < 10.6.5

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.apple.com/kb/HT4435nvdPatchVendor Advisory
lists.apple.com/archives/security-announce/2010//Nov/msg00000.htmlnvdVendor Advisory
www.securitytracker.com/idnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000