ID

VAR-201003-0237


CVE

CVE-2010-0502


TITLE

Vulnerability in iChat on Apple Mac OS X that can bypass message auditing on the server

Trust: 0.8

sources: JVNDB: JVNDB-2010-001257

DESCRIPTION

iChat Server in Apple Mac OS X Server before 10.6.3, when group chat is used, does not perform logging for all types of messages, which might allow remote attackers to avoid message auditing via an unspecified selection of message type. Remote attackers can exploit this issue to send messages which are not logged. This may aid in further attacks.

The following are vulnerable: Mac OS X Server 10.5.8; Mac OS X Server 10.6 prior to 10.6.3.

NOTE: This issue was previously covered in BID 39020 (Apple Mac OS X APPLE-SA-2010-03-29-1 Multiple Security Vulnerabilities) but has been assigned its own record to better document it.

Trust: 1.98

sources: NVD: CVE-2010-0502 // JVNDB: JVNDB-2010-001257 // BID: 39235 // VULHUB: VHN-43107

AFFECTED PRODUCTS

vendor: apple, model: mac os x server, scope: eq, version: 10.5.6

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.5.2

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.5.1

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.5.4

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.5

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.5.5

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.5.0

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.5.8

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.5.7

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.5.3

Trust: 1.6

vendor: apple, model: mac os x server, scope: eq, version: 10.6.0

Trust: 1.0

vendor: apple, model: mac os x server, scope: eq, version: 10.6.1

Trust: 1.0

vendor: apple, model: mac os x server, scope: lte, version: 10.6.2

Trust: 1.0

vendor: apple, model: mac os x server, scope: eq, version: v10.5.8

Trust: 0.8

vendor: apple, model: mac os x server, scope: eq, version: v10.6 to v10.6.2

Trust: 0.8

vendor: apple, model: mac os server, scope: eq, version: x10.6.2

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.6.1

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.8

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.7

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.6

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.5

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.4

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.3

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.2

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5.1

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.6

Trust: 0.3

vendor: apple, model: mac os server, scope: eq, version: x10.5

Trust: 0.3

vendor: apple, model: mac os server, scope: ne, version: x10.6.3

Trust: 0.3

sources: BID: 39235 // JVNDB: JVNDB-2010-001257 // CNNVD: CNNVD-201003-464 // NVD: CVE-2010-0502

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-0502
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-0502
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201003-464
value: MEDIUM

Trust: 0.6

VULHUB: VHN-43107
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-0502
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-43107
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-43107 // JVNDB: JVNDB-2010-001257 // CNNVD: CNNVD-201003-464 // NVD: CVE-2010-0502

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-DesignError

Trust: 0.8

sources: JVNDB: JVNDB-2010-001257 // NVD: CVE-2010-0502

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201003-464

TYPE

Design Error

Trust: 0.9

sources: BID: 39235 // CNNVD: CNNVD-201003-464

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-001257

PATCH

title: HT4077, url: http://support.apple.com/kb/HT4077

Trust: 0.8

title: HT4077, url: http://support.apple.com/kb/HT4077?viewlocale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2010-001257

EXTERNAL IDS

db: NVD, id: CVE-2010-0502

Trust: 2.8

db: JVNDB, id: JVNDB-2010-001257

Trust: 0.8

db: CNNVD, id: CNNVD-201003-464

Trust: 0.7

db: NSFOCUS, id: 14715

Trust: 0.6

db: APPLE, id: APPLE-SA-2010-03-29-1

Trust: 0.6

db: BID, id: 39235

Trust: 0.4

db: VULHUB, id: VHN-43107

Trust: 0.1

sources: VULHUB: VHN-43107 // BID: 39235 // JVNDB: JVNDB-2010-001257 // CNNVD: CNNVD-201003-464 // NVD: CVE-2010-0502

REFERENCES

url:http://lists.apple.com/archives/security-announce/2010//mar/msg00001.html

Trust: 1.7

url:http://support.apple.com/kb/ht4077

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0502

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0502

Trust: 0.8

url:http://www.nsfocus.net/vulndb/14715

Trust: 0.6

url:http://www.apple.com/macosx/

Trust: 0.3

sources: VULHUB: VHN-43107 // BID: 39235 // JVNDB: JVNDB-2010-001257 // CNNVD: CNNVD-201003-464 // NVD: CVE-2010-0502

CREDITS

Michael Kisor, Damian Put <pucik@cc-team.org>

Trust: 0.6

sources: CNNVD: CNNVD-201003-464

SOURCES

db: VULHUB, id: VHN-43107
db: BID, id: 39235
db: JVNDB, id: JVNDB-2010-001257
db: CNNVD, id: CNNVD-201003-464
db: NVD, id: CVE-2010-0502

LAST UPDATE DATE

2025-04-11T20:11:11.143000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-43107, date: 2010-03-31T00:00:00
db: BID, id: 39235, date: 2010-03-29T00:00:00
db: JVNDB, id: JVNDB-2010-001257, date: 2010-04-14T00:00:00
db: CNNVD, id: CNNVD-201003-464, date: 2010-03-31T00:00:00
db: NVD, id: CVE-2010-0502, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: VULHUB, id: VHN-43107, date: 2010-03-30T00:00:00
db: BID, id: 39235, date: 2010-03-29T00:00:00
db: JVNDB, id: JVNDB-2010-001257, date: 2010-04-14T00:00:00
db: CNNVD, id: CNNVD-201003-464, date: 2010-03-30T00:00:00
db: NVD, id: CVE-2010-0502, date: 2010-03-30T18:30:00.640