CVE-2009-0143 — MEDIUM (4.3)

Q: How severe is CVE-2009-0143?

CVE-2009-0143 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-0143?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Itunes.

Vulnerability Description

Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Apple	Itunes	< 8.1

Related Weaknesses (CWE)

CWE-200

References

http://lists.apple.com/archives/security-announce//2009/Mar/msg00001.htmlMailing ListPatchVendor Advisory
http://osvdb.org/52579Broken Link
http://secunia.com/advisories/34254Third Party Advisory
http://securitytracker.com/id?1021843Third Party AdvisoryVDB Entry
http://support.apple.com/kb/HT3487PatchVendor Advisory
http://www.securityfocus.com/bid/34094Third Party AdvisoryVDB Entry
http://www.vupen.com/english/advisories/2009/0702Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/49201Third Party AdvisoryVDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
http://lists.apple.com/archives/security-announce//2009/Mar/msg00001.htmlMailing ListPatchVendor Advisory
http://osvdb.org/52579Broken Link
http://secunia.com/advisories/34254Third Party Advisory
http://securitytracker.com/id?1021843Third Party AdvisoryVDB Entry
http://support.apple.com/kb/HT3487PatchVendor Advisory
http://www.securityfocus.com/bid/34094Third Party AdvisoryVDB Entry

FAQ

What is CVE-2009-0143?

CVE-2009-0143 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and ...

How severe is CVE-2009-0143?

CVE-2009-0143 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-0143?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Itunes.