cvelistv5 - cve-2008-3663

CVE-2008-3663 (GCVE-0-2008-3663)

Vulnerability from cvelistv5

Published

2008-09-24 14:00

Modified

2024-08-07 09:45

Severity ?

CWE

Summary

Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

References

URL

Tags

	http://www.nabble.com/ANNOUNCE:-SquirrelMail-1.4.16-Released-td19711998.html	x_refsource_CONFIRM
	http://secunia.com/advisories/33937	third-party-advisory, x_refsource_SECUNIA
	http://int21.de/cve/CVE-2008-3663-squirrelmail.html	x_refsource_MISC
	http://www.securityfocus.com/bid/31321	vdb-entry, x_refsource_BID
	http://support.apple.com/kb/HT3438	x_refsource_CONFIRM
	http://securityreason.com/securityalert/4304	third-party-advisory, x_refsource_SREASON
	http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html	vendor-advisory, x_refsource_APPLE
	http://www.securityfocus.com/archive/1/496601/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	https://exchange.xforce.ibmcloud.com/vulnerabilities/45700	vdb-entry, x_refsource_XF
	http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html	vendor-advisory, x_refsource_SUSE
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10548	vdb-entry, signature, x_refsource_OVAL

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T09:45:19.086Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.nabble.com/ANNOUNCE:-SquirrelMail-1.4.16-Released-td19711998.html"
          },
          {
            "name": "33937",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33937"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://int21.de/cve/CVE-2008-3663-squirrelmail.html"
          },
          {
            "name": "31321",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31321"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3438"
          },
          {
            "name": "4304",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4304"
          },
          {
            "name": "APPLE-SA-2009-02-12",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
          },
          {
            "name": "20080922 Squirrelmail: Session hijacking vulnerability, CVE-2008-3663",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/496601/100/0/threaded"
          },
          {
            "name": "squirrelmail-cookie-session-hijacking(45700)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45700"
          },
          {
            "name": "SUSE-SR:2009:004",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
          },
          {
            "name": "SUSE-SR:2008:028",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html"
          },
          {
            "name": "oval:org.mitre.oval:def:10548",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10548"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.nabble.com/ANNOUNCE:-SquirrelMail-1.4.16-Released-td19711998.html"
        },
        {
          "name": "33937",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33937"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://int21.de/cve/CVE-2008-3663-squirrelmail.html"
        },
        {
          "name": "31321",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31321"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3438"
        },
        {
          "name": "4304",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4304"
        },
        {
          "name": "APPLE-SA-2009-02-12",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
        },
        {
          "name": "20080922 Squirrelmail: Session hijacking vulnerability, CVE-2008-3663",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/496601/100/0/threaded"
        },
        {
          "name": "squirrelmail-cookie-session-hijacking(45700)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45700"
        },
        {
          "name": "SUSE-SR:2009:004",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
        },
        {
          "name": "SUSE-SR:2008:028",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html"
        },
        {
          "name": "oval:org.mitre.oval:def:10548",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10548"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-3663",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.nabble.com/ANNOUNCE:-SquirrelMail-1.4.16-Released-td19711998.html",
              "refsource": "CONFIRM",
              "url": "http://www.nabble.com/ANNOUNCE:-SquirrelMail-1.4.16-Released-td19711998.html"
            },
            {
              "name": "33937",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33937"
            },
            {
              "name": "http://int21.de/cve/CVE-2008-3663-squirrelmail.html",
              "refsource": "MISC",
              "url": "http://int21.de/cve/CVE-2008-3663-squirrelmail.html"
            },
            {
              "name": "31321",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31321"
            },
            {
              "name": "http://support.apple.com/kb/HT3438",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3438"
            },
            {
              "name": "4304",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/4304"
            },
            {
              "name": "APPLE-SA-2009-02-12",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
            },
            {
              "name": "20080922 Squirrelmail: Session hijacking vulnerability, CVE-2008-3663",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/496601/100/0/threaded"
            },
            {
              "name": "squirrelmail-cookie-session-hijacking(45700)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45700"
            },
            {
              "name": "SUSE-SR:2009:004",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
            },
            {
              "name": "SUSE-SR:2008:028",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html"
            },
            {
              "name": "oval:org.mitre.oval:def:10548",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10548"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-3663",
    "datePublished": "2008-09-24T14:00:00.000Z",
    "dateReserved": "2008-08-12T00:00:00.000Z",
    "dateUpdated": "2024-08-07T09:45:19.086Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2008-AVI-529

Vulnerability from certfr_avis

Une vulnérabilité dans SquirrelMail permet l'interception de cookie de session en clair.

Description

SquirrelMail ne positionne pas correctement l'indicateur (flag) Secure pour les cookies de session https, ce qui les rend vulnérables à une interception.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les versions antérieures à la 1.4.16.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de mise à jour SquirrelMail 1.4.16 du 28 septembre 2008	None	vendor-advisory
Bulletin de mise à jour Squirrel 1.4.16 du 28 septembre 2008 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eLes versions ant\u00e9rieures \u00e0 la 1.4.16.\u003c/p\u003e",
  "content": "## Description\n\nSquirrelMail ne positionne pas correctement l\u0027indicateur (flag) Secure\npour les cookies de session https, ce qui les rend vuln\u00e9rables \u00e0 une\ninterception.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-3663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3663"
    }
  ],
  "initial_release_date": "2008-10-27T00:00:00",
  "last_revision_date": "2008-10-27T00:00:00",
  "links": [
    {
      "title": "Bulletin de mise \u00e0 jour Squirrel 1.4.16 du 28 septembre    2008 :",
      "url": "http://www.squirrelmail.org/index.php"
    }
  ],
  "reference": "CERTA-2008-AVI-529",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-10-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans SquirrelMail permet l\u0027interception de \u003cspan\nclass=\"textit\"\u003ecookie\u003c/span\u003e de session en clair.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans SquirrelMail",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de mise \u00e0 jour SquirrelMail 1.4.16 du 28 septembre 2008",
      "url": null
    }
  ]
}

CERTA-2009-AVI-068

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans le système Mac OS X d'Apple. L'exploitation de ces vulnérabilités permet un grand nombre d'actions, dont l'exécution de code arbitraire à distance.

Description

Apple vient de publier des mises à jour pour son système d'exploitation Mac OS X. Ces correctifs concernent la mise à jour de plusieurs applicatifs :

AFP Server ;
Apple Pixlet Video ;
Carbon Core ;
CFNetwork ;
Certificate Assistant ;
ClamAV ;
CoreText ;
CUPS ;
DS Tools ;
fetchmail ;
Folder Manager ;
FSEvents ;
Network Time ;
perl ;
Printing ;
python ;
Remote Apple Events ;
Safari RSS ;
servermgrd ;
SMB ;
SquirrelMail ;
X11 ;
Xterm.

L'exploitation des différentes vulnérabilités permet d'effectuer un grand nombre d'actions malveillantes, dont l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	Mac OS X versions 10.5.6 et antérieures ;
	Apple	N/A	Mac OS X versions 10.4.11 et antérieures.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 2009-001 du 12 février 2009	None	vendor-advisory
Bulletin de sécurité Apple HT3438 du 12 février 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X versions 10.5.6 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X versions 10.4.11 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nApple vient de publier des mises \u00e0 jour pour son syst\u00e8me d\u0027exploitation\nMac OS X. Ces correctifs concernent la mise \u00e0 jour de plusieurs\napplicatifs :\n\n-   AFP Server ;\n-   Apple Pixlet Video ;\n-   Carbon Core ;\n-   CFNetwork ;\n-   Certificate Assistant ;\n-   ClamAV ;\n-   CoreText ;\n-   CUPS ;\n-   DS Tools ;\n-   fetchmail ;\n-   Folder Manager ;\n-   FSEvents ;\n-   Network Time ;\n-   perl ;\n-   Printing ;\n-   python ;\n-   Remote Apple Events ;\n-   Safari RSS ;\n-   servermgrd ;\n-   SMB ;\n-   SquirrelMail ;\n-   X11 ;\n-   Xterm.\n\nL\u0027exploitation des diff\u00e9rentes vuln\u00e9rabilit\u00e9s permet d\u0027effectuer un\ngrand nombre d\u0027actions malveillantes, dont l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-2316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2316"
    },
    {
      "name": "CVE-2008-2361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2361"
    },
    {
      "name": "CVE-2008-2379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2379"
    },
    {
      "name": "CVE-2008-1808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1808"
    },
    {
      "name": "CVE-2009-0020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0020"
    },
    {
      "name": "CVE-2009-0012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0012"
    },
    {
      "name": "CVE-2008-3663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3663"
    },
    {
      "name": "CVE-2009-0141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0141"
    },
    {
      "name": "CVE-2008-3142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3142"
    },
    {
      "name": "CVE-2007-4565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4565"
    },
    {
      "name": "CVE-2007-1352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1352"
    },
    {
      "name": "CVE-2009-0139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0139"
    },
    {
      "name": "CVE-2008-4864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4864"
    },
    {
      "name": "CVE-2009-0019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0019"
    },
    {
      "name": "CVE-2008-1679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1679"
    },
    {
      "name": "CVE-2008-2711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2711"
    },
    {
      "name": "CVE-2008-3144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3144"
    },
    {
      "name": "CVE-2008-2362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2362"
    },
    {
      "name": "CVE-2009-0018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0018"
    },
    {
      "name": "CVE-2009-0140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0140"
    },
    {
      "name": "CVE-2009-0015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0015"
    },
    {
      "name": "CVE-2008-1379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1379"
    },
    {
      "name": "CVE-2008-5031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5031"
    },
    {
      "name": "CVE-2008-1721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1721"
    },
    {
      "name": "CVE-2008-5050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5050"
    },
    {
      "name": "CVE-2006-1861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1861"
    },
    {
      "name": "CVE-2008-1927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1927"
    },
    {
      "name": "CVE-2007-1667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1667"
    },
    {
      "name": "CVE-2008-5183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5183"
    },
    {
      "name": "CVE-2009-0138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0138"
    },
    {
      "name": "CVE-2009-0014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0014"
    },
    {
      "name": "CVE-2009-0009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0009"
    },
    {
      "name": "CVE-2009-0137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0137"
    },
    {
      "name": "CVE-2008-2360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2360"
    },
    {
      "name": "CVE-2009-0142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0142"
    },
    {
      "name": "CVE-2007-4965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4965"
    },
    {
      "name": "CVE-2009-0011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0011"
    },
    {
      "name": "CVE-2008-5314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5314"
    },
    {
      "name": "CVE-2008-1807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1807"
    },
    {
      "name": "CVE-2008-1887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1887"
    },
    {
      "name": "CVE-2008-1377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1377"
    },
    {
      "name": "CVE-2007-1351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1351"
    },
    {
      "name": "CVE-2008-2315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2315"
    },
    {
      "name": "CVE-2009-0013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0013"
    },
    {
      "name": "CVE-2009-0017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0017"
    },
    {
      "name": "CVE-2006-3467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3467"
    },
    {
      "name": "CVE-2008-1806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1806"
    }
  ],
  "initial_release_date": "2009-02-13T00:00:00",
  "last_revision_date": "2009-02-13T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3438 du 12 f\u00e9vrier 2009 :",
      "url": "http://support.apple.com/kb/HT3438"
    }
  ],
  "reference": "CERTA-2009-AVI-068",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le syst\u00e8me Mac OS X\nd\u0027Apple. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s permet un grand nombre\nd\u0027actions, dont l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 2009-001 du 12 f\u00e9vrier 2009",
      "url": null
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2008-3663 (GCVE-0-2008-3663)

Vulnerability from cvelistv5

CERTA-2008-AVI-529

Vulnerability from certfr_avis

Description

Solution

CERTA-2009-AVI-068

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature