CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Apple
  • Mac Os X
  • Mac Os X Server

Configuration 1 [-]

OR cpe:2.3:a:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.2:2008-002:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.5.7:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.5.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.5.7:*:*:*:*:*:*:*

No data.

References
Link Providers
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html cve-icon cve-icon
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html cve-icon cve-icon
http://osvdb.org/56846 cve-icon cve-icon
http://secunia.com/advisories/36096 cve-icon cve-icon
http://support.apple.com/kb/HT3757 cve-icon cve-icon
http://support.apple.com/kb/HT4225 cve-icon cve-icon
http://www.securityfocus.com/bid/35954 cve-icon cve-icon
http://www.us-cert.gov/cas/techalerts/TA09-218A.html cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/2172 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/52418 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-08-06T15:00:00

Updated: 2024-08-07T05:20:35.152Z

Reserved: 2009-05-20T00:00:00

Link: CVE-2009-1723

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2009-08-06T15:30:00.233

Modified: 2024-11-21T01:03:12.037

Link: CVE-2009-1723

cve-icon Redhat

No data.