iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network.
References
Link | Resource |
---|---|
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html | Mailing List Patch Vendor Advisory |
http://secunia.com/advisories/35074 | Broken Link |
http://support.apple.com/kb/HT3549 | Patch Vendor Advisory |
http://www.securityfocus.com/bid/34926 | Broken Link Third Party Advisory VDB Entry |
http://www.securitytracker.com/id?1022212 | Broken Link Third Party Advisory VDB Entry |
http://www.us-cert.gov/cas/techalerts/TA09-133A.html | Third Party Advisory US Government Resource |
http://www.vupen.com/english/advisories/2009/1297 | Broken Link |
https://exchange.xforce.ibmcloud.com/vulnerabilities/50487 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
14 Feb 2024, 15:19
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-312 | |
References | (SECTRACK) http://www.securitytracker.com/id?1022212 - Broken Link, Third Party Advisory, VDB Entry | |
References | (BID) http://www.securityfocus.com/bid/34926 - Broken Link, Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/35074 - Broken Link | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/50487 - Third Party Advisory, VDB Entry | |
References | (CERT) http://www.us-cert.gov/cas/techalerts/TA09-133A.html - Third Party Advisory, US Government Resource | |
References | (APPLE) http://lists.apple.com/archives/security-announce/2009/May/msg00002.html - Mailing List, Patch, Vendor Advisory | |
References | (VUPEN) http://www.vupen.com/english/advisories/2009/1297 - Broken Link | |
CPE | cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x_server:10.5.0:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:* |
cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
Information
Published : 2009-05-13 15:30
Updated : 2024-02-28 11:21
NVD link : CVE-2009-0152
Mitre link : CVE-2009-0152
CVE.ORG link : CVE-2009-0152
JSON object : View
Products Affected
apple
- mac_os_x
- mac_os_x_server
CWE
CWE-312
Cleartext Storage of Sensitive Information