var-200810-0255
Vulnerability from variot
Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail. Apple Mail is prone to a weakness in its implementation of S/MIME encryption. An attacker with access to an IMAP or Exchange email server may be able to take advantage of this issue to obtain sensitive information. Mail 3.5 (929.4/929.2) is vulnerable; other versions may also be affected. Apple Mail is the mail client installed by default in Mac OS X machines. According to the standard, using S/MIME means that no one else can view the encrypted mail except the recipient and sender of the mail, and the Store draft messages on the server option stores the mail in plain text before sending it, which makes it possible Cause security misleading and information leakage
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200810-0255",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mail",
"scope": "eq",
"trust": 2.4,
"vendor": "apple",
"version": "3.5"
},
{
"model": "mac os x",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "mail",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.5(929.4/929.2)"
},
{
"model": "mail",
"scope": null,
"trust": 0.3,
"vendor": "apple",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "31598"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003520"
},
{
"db": "NVD",
"id": "CVE-2008-4491"
},
{
"db": "CNNVD",
"id": "CNNVD-200810-117"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:mail:3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-4491"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "EnableSecurity\u203b newsletter@enablesecurity.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200810-117"
}
],
"trust": 0.6
},
"cve": "CVE-2008-4491",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2008-4491",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-34616",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2008-4491",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200810-117",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-34616",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-34616"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003520"
},
{
"db": "NVD",
"id": "CVE-2008-4491"
},
{
"db": "CNNVD",
"id": "CNNVD-200810-117"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Mail.app 3.5 on Mac OS X, when \"Store draft messages on the server\" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail. Apple Mail is prone to a weakness in its implementation of S/MIME encryption. An attacker with access to an IMAP or Exchange email server may be able to take advantage of this issue to obtain sensitive information. \nMail 3.5 (929.4/929.2) is vulnerable; other versions may also be affected. Apple Mail is the mail client installed by default in Mac OS X machines. According to the standard, using S/MIME means that no one else can view the encrypted mail except the recipient and sender of the mail, and the Store draft messages on the server option stores the mail in plain text before sending it, which makes it possible Cause security misleading and information leakage",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-4491"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003520"
},
{
"db": "BID",
"id": "31598"
},
{
"db": "VULHUB",
"id": "VHN-34616"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-4491",
"trust": 2.8
},
{
"db": "BID",
"id": "31598",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1021019",
"trust": 1.7
},
{
"db": "SREASON",
"id": "4363",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003520",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20081006 [ENABLESECURITY] APPLE\u0027S MAIL.APP STORES YOUR S/MIME ENCRYPTED EMAILS IN CLEAR TEXT",
"trust": 0.6
},
{
"db": "XF",
"id": "45688",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200810-117",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-34616",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-34616"
},
{
"db": "BID",
"id": "31598"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003520"
},
{
"db": "NVD",
"id": "CVE-2008-4491"
},
{
"db": "CNNVD",
"id": "CNNVD-200810-117"
}
]
},
"id": "VAR-200810-0255",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-34616"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:49:32.139000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.apple.com/macosx/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003520"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-34616"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003520"
},
{
"db": "NVD",
"id": "CVE-2008-4491"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/31598"
},
{
"trust": 1.7,
"url": "http://enablesecurity.com/2008/10/03/apple-mailapp-security-advisory/"
},
{
"trust": 1.7,
"url": "http://resources.enablesecurity.com/advisories/apple-mailapp-smime.txt"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1021019"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/4363"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/497057/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45688"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4491"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-4491"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/45688"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/497057/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/features/mail/"
},
{
"trust": 0.3,
"url": "/archive/1/497057"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-34616"
},
{
"db": "BID",
"id": "31598"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003520"
},
{
"db": "NVD",
"id": "CVE-2008-4491"
},
{
"db": "CNNVD",
"id": "CNNVD-200810-117"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-34616"
},
{
"db": "BID",
"id": "31598"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003520"
},
{
"db": "NVD",
"id": "CVE-2008-4491"
},
{
"db": "CNNVD",
"id": "CNNVD-200810-117"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-10-08T00:00:00",
"db": "VULHUB",
"id": "VHN-34616"
},
{
"date": "2008-10-06T00:00:00",
"db": "BID",
"id": "31598"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-003520"
},
{
"date": "2008-10-08T18:00:03.503000",
"db": "NVD",
"id": "CVE-2008-4491"
},
{
"date": "2008-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200810-117"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-34616"
},
{
"date": "2015-05-07T17:22:00",
"db": "BID",
"id": "31598"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-003520"
},
{
"date": "2018-10-11T20:52:01.743000",
"db": "NVD",
"id": "CVE-2008-4491"
},
{
"date": "2009-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200810-117"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200810-117"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Mail.app Vulnerable to reading important emails",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003520"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200810-117"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.