CVE-2009-0152 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2009-0152?

CVE-2009-0152 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-0152?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X, Apple Mac Os X Server.

Vulnerability Description

iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Apple	Mac Os X	>= 10.5.0, < 10.5.7
Apple	Mac Os X Server	>= 10.5.0, < 10.5.7

Related Weaknesses (CWE)

CWE-312

References

http://lists.apple.com/archives/security-announce/2009/May/msg00002.htmlMailing ListPatchVendor Advisory
http://secunia.com/advisories/35074Broken Link
http://support.apple.com/kb/HT3549PatchVendor Advisory
http://www.securityfocus.com/bid/34926Broken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1022212Broken LinkThird Party AdvisoryVDB Entry
http://www.us-cert.gov/cas/techalerts/TA09-133A.htmlThird Party AdvisoryUS Government Resource
http://www.vupen.com/english/advisories/2009/1297Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/50487Third Party AdvisoryVDB Entry
http://lists.apple.com/archives/security-announce/2009/May/msg00002.htmlMailing ListPatchVendor Advisory
http://secunia.com/advisories/35074Broken Link
http://support.apple.com/kb/HT3549PatchVendor Advisory
http://www.securityfocus.com/bid/34926Broken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1022212Broken LinkThird Party AdvisoryVDB Entry
http://www.us-cert.gov/cas/techalerts/TA09-133A.htmlThird Party AdvisoryUS Government Resource
http://www.vupen.com/english/advisories/2009/1297Broken Link

FAQ

What is CVE-2009-0152?

CVE-2009-0152 is a vulnerability with a CVSS score of 7.5 (HIGH). iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote a...

How severe is CVE-2009-0152?

CVE-2009-0152 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-0152?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X, Apple Mac Os X Server.