Vulnerability Details CVE-2009-0152
iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
- http://secunia.com/advisories/35074
- http://support.apple.com/kb/HT3549
- http://www.securityfocus.com/bid/34926
- http://www.securitytracker.com/id?1022212
- http://www.us-cert.gov/cas/techalerts/TA09-133A.html
- http://www.vupen.com/english/advisories/2009/1297
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50487
- http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
- http://secunia.com/advisories/35074
- http://support.apple.com/kb/HT3549
- http://www.securityfocus.com/bid/34926
- http://www.securitytracker.com/id?1022212
- http://www.us-cert.gov/cas/techalerts/TA09-133A.html
- http://www.vupen.com/english/advisories/2009/1297
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50487
Products affected by CVE-2009-0152
-
cpe:2.3:o:apple:mac_os_x:10.5.0
-
cpe:2.3:o:apple:mac_os_x:10.5.1
-
cpe:2.3:o:apple:mac_os_x:10.5.2
-
cpe:2.3:o:apple:mac_os_x:10.5.3
-
cpe:2.3:o:apple:mac_os_x:10.5.4
-
cpe:2.3:o:apple:mac_os_x:10.5.5
-
cpe:2.3:o:apple:mac_os_x:10.5.6
-
cpe:2.3:o:apple:mac_os_x_server:10.5.0
-
cpe:2.3:o:apple:mac_os_x_server:10.5.1
-
cpe:2.3:o:apple:mac_os_x_server:10.5.2
-
cpe:2.3:o:apple:mac_os_x_server:10.5.3
-
cpe:2.3:o:apple:mac_os_x_server:10.5.4
-
cpe:2.3:o:apple:mac_os_x_server:10.5.5
-
cpe:2.3:o:apple:mac_os_x_server:10.5.6