CVE-2009-0144

EUVD-2009-0153
CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
applemac_os_x
10.5.6
applemac_os_x
10.5
applemac_os_x
10.5.1
applemac_os_x
10.5.2
applemac_os_x
10.5.3
applemac_os_x
10.5.4
applemac_os_x
10.5.5
applemac_os_x
10.5.6
applemac_os_x_server
10.5.1
applemac_os_x_server
10.5.2
applemac_os_x_server
10.5.3
applemac_os_x_server
10.5.4
applemac_os_x_server
10.5.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://secunia.com/advisories/35074
http://support.apple.com/kb/HT3549
http://www.securityfocus.com/bid/34926
http://www.securitytracker.com/id?1022214
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://www.vupen.com/english/advisories/2009/1297
https://exchange.xforce.ibmcloud.com/vulnerabilities/50479
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://secunia.com/advisories/35074
http://support.apple.com/kb/HT3549
http://www.securityfocus.com/bid/34926
http://www.securitytracker.com/id?1022214
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://www.vupen.com/english/advisories/2009/1297
https://exchange.xforce.ibmcloud.com/vulnerabilities/50479