7.5

CVE-2009-0152

iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApplemacOS X Version >= 10.5.0 < 10.5.7
ApplemacOS X Server Version >= 10.5.0 < 10.5.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.17% 0.8
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
Patch
Vendor Advisory
Mailing List
http://secunia.com/advisories/35074
Broken Link
http://support.apple.com/kb/HT3549
Patch
Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2009/1297
Broken Link
http://www.securityfocus.com/bid/34926
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id?1022212
Third Party Advisory
Broken Link
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/50487
Third Party Advisory
VDB Entry