OpenCVE

The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X Mac Os X Server

Configuration 1 [-]

OR	cpe:2.3:o:apple:mac_os_x:10.6.0:::::::*
	cpe:2.3:o:apple:mac_os_x:10.6.1:::::::*
	cpe:2.3:o:apple:mac_os_x:10.6.2:::::::*
	cpe:2.3:o:apple:mac_os_x:10.6.3:::::::*
	cpe:2.3:o:apple:mac_os_x:10.6.4:::::::*
	cpe:2.3:o:apple:mac_os_x:10.6.5:::::::*
	cpe:2.3:o:apple:mac_os_x:10.6.6:::::::*
	cpe:2.3:o:apple:mac_os_x:10.6.7:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:apple:mac_os_x_server:10.6.0:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.6.1:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.6.2:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.6.3:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.6.4:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.6.5:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.6.6:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.6.7:::::::*

No data.

References

Link	Providers
http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
http://support.apple.com/kb/HT4723
http://www.securityfocus.com/bid/48444

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2011-06-24T20:00:00

Updated: 2024-08-06T21:43:15.262Z

Reserved: 2010-12-23T00:00:00

Link: CVE-2011-0207

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-06-24T20:55:02.420

Modified: 2024-11-21T01:23:32.703

Link: CVE-2011-0207

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-06-23T00:00:00", "descriptions": [{"lang": "en", "value": "The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-10-27T09:00:00", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT4723"}, {"name": "APPLE-SA-2011-06-23-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"}, {"name": "48444", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/48444"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2011-0207", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://support.apple.com/kb/HT4723", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4723"}, {"name": "APPLE-SA-2011-06-23-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"}, {"name": "48444", "refsource": "BID", "url": "http://www.securityfocus.com/bid/48444"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:43:15.262Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT4723"}, {"name": "APPLE-SA-2011-06-23-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"}, {"name": "48444", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/48444"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2011-0207", "datePublished": "2011-06-24T20:00:00", "dateReserved": "2010-12-23T00:00:00", "dateUpdated": "2024-08-06T21:43:15.262Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C69DEE9-3FA5-408E-AD27-F5E7043F852A", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "D25D1FD3-C291-492C-83A7-0AFAFAADC98D", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "5B565F77-C310-4B83-B098-22F9489C226C", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "546EBFC8-79F0-42C2-9B9A-A76CA3F19470", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "119C8089-8C98-472E-9E9C-1741AA21DD35", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "831C5105-6409-4743-8FB5-A91D8956202F", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "0B63D169-E2AA-4315-891F-B4AF99F2753C", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:10.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "1E715DFC-ADB8-43D0-9941-76BB0BE7BCF5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "26E34E35-CCE9-42BE-9AFF-561D8AA90E25", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "A04FF6EE-D4DA-4D70-B0CE-154292828531", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "9425320F-D119-49EB-9265-3159070DFE93", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "F6BE138D-619B-4E44-BFB2-8DFE5F0D1E12", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "EF0D1051-F850-4A02-ABA0-968E1336A518", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "A1C9705A-74D4-43BA-A119-C667678F9A15", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "4BBF5FE5-4B25-47BE-8D9D-F228746408EC", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "8CE84A25-CEFB-4165-9498-2E4BF60E2C0E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The MobileMe component in Apple Mac OS X before 10.6.8 uses a cleartext HTTP session for the Mail application to read e-mail aliases, which allows remote attackers to obtain potentially sensitive alias information by sniffing the network."}, {"lang": "es", "value": "El componente MobileMe en Apple Mac OS X antes de v10.6.8 utiliza una sesi\u00f3n de HTTP sin cifrar para la aplicaci\u00f3n Mail para leer aliases de correo electr\u00f3nico, lo que permite a atacantes remotos obtener informaci\u00f3n de alias potencialmente sensible \"esnifando\" la red."}], "id": "CVE-2011-0207", "lastModified": "2024-11-21T01:23:32.703", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-06-24T20:55:02.420", "references": [{"source": "product-security@apple.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"}, {"source": "product-security@apple.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://support.apple.com/kb/HT4723"}, {"source": "product-security@apple.com", "url": "http://www.securityfocus.com/bid/48444"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://support.apple.com/kb/HT4723"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/48444"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}