CVE-2009-0152

iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network.
References
Link Resource
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html Mailing List Patch Vendor Advisory
http://secunia.com/advisories/35074 Broken Link
http://support.apple.com/kb/HT3549 Patch Vendor Advisory
http://www.securityfocus.com/bid/34926 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1022212 Broken Link Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA09-133A.html Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2009/1297 Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/50487 Third Party Advisory VDB Entry
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html Mailing List Patch Vendor Advisory
http://secunia.com/advisories/35074 Broken Link
http://support.apple.com/kb/HT3549 Patch Vendor Advisory
http://www.securityfocus.com/bid/34926 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1022212 Broken Link Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA09-133A.html Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2009/1297 Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/50487 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:59

Type Values Removed Values Added
References () http://lists.apple.com/archives/security-announce/2009/May/msg00002.html - Mailing List, Patch, Vendor Advisory () http://lists.apple.com/archives/security-announce/2009/May/msg00002.html - Mailing List, Patch, Vendor Advisory
References () http://secunia.com/advisories/35074 - Broken Link () http://secunia.com/advisories/35074 - Broken Link
References () http://support.apple.com/kb/HT3549 - Patch, Vendor Advisory () http://support.apple.com/kb/HT3549 - Patch, Vendor Advisory
References () http://www.securityfocus.com/bid/34926 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/34926 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id?1022212 - Broken Link, Third Party Advisory, VDB Entry () http://www.securitytracker.com/id?1022212 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.us-cert.gov/cas/techalerts/TA09-133A.html - Third Party Advisory, US Government Resource () http://www.us-cert.gov/cas/techalerts/TA09-133A.html - Third Party Advisory, US Government Resource
References () http://www.vupen.com/english/advisories/2009/1297 - Broken Link () http://www.vupen.com/english/advisories/2009/1297 - Broken Link
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/50487 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/50487 - Third Party Advisory, VDB Entry

14 Feb 2024, 15:19

Type Values Removed Values Added
CVSS v2 : 5.0
v3 : unknown
v2 : 5.0
v3 : 7.5
CWE CWE-16 CWE-312
References () http://lists.apple.com/archives/security-announce/2009/May/msg00002.html - Patch, Vendor Advisory () http://lists.apple.com/archives/security-announce/2009/May/msg00002.html - Mailing List, Patch, Vendor Advisory
References () http://secunia.com/advisories/35074 - () http://secunia.com/advisories/35074 - Broken Link
References () http://www.securityfocus.com/bid/34926 - () http://www.securityfocus.com/bid/34926 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id?1022212 - () http://www.securitytracker.com/id?1022212 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.us-cert.gov/cas/techalerts/TA09-133A.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA09-133A.html - Third Party Advisory, US Government Resource
References () http://www.vupen.com/english/advisories/2009/1297 - () http://www.vupen.com/english/advisories/2009/1297 - Broken Link
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/50487 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/50487 - Third Party Advisory, VDB Entry
CPE cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.5.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*

Information

Published : 2009-05-13 15:30

Updated : 2024-11-21 00:59


NVD link : CVE-2009-0152

Mitre link : CVE-2009-0152

CVE.ORG link : CVE-2009-0152


JSON object : View

Products Affected

apple

  • mac_os_x
  • mac_os_x_server
CWE
CWE-312

Cleartext Storage of Sensitive Information