ID

VAR-201008-0308


CVE

CVE-2010-1800


TITLE

Vulnerability in CFNetwork in Apple Mac OS X that allows important information to be obtained

Trust: 0.8

sources: JVNDB: JVNDB-2010-001970

DESCRIPTION

CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL and TLS connections, which allows man-in-the-middle attackers to redirect a connection and obtain sensitive information via crafted responses. Apple Mac OS X is prone to an information-disclosure vulnerability that exists in the CFNetwork component. An attacker can exploit this issue to redirect connections and intercept user credentials or other sensitive information. This may lead to other attacks. This issue does not affect the Apple Mail application. Mac OS X 10.6.4, Mac OS X Server 10.6.4 and prior are vulnerable.

Trust: 1.98

sources: NVD: CVE-2010-1800 // JVNDB: JVNDB-2010-001970 // BID: 42651 // VULHUB: VHN-44405

AFFECTED PRODUCTS

vendor: apple | model: cfnetwork | scope: - | version: -

Trust: 1.4

vendor: apple | model: cfnetwork | scope: eq | version: *

Trust: 1.0

vendor: apple | model: mac os x server | scope: eq | version: 10.6.3

Trust: 1.0

vendor: apple | model: mac os x | scope: eq | version: 10.6.4

Trust: 1.0

vendor: apple | model: mac os x | scope: eq | version: 10.6.3

Trust: 1.0

vendor: apple | model: mac os x server | scope: eq | version: 10.6.4

Trust: 1.0

vendor: apple | model: mac os x | scope: eq | version: v10.6.4

Trust: 0.8

vendor: apple | model: mac os x server | scope: eq | version: v10.6.4

Trust: 0.8

vendor: apple | model: mac os server | scope: eq | version: x10.6.4

Trust: 0.3

vendor: apple | model: mac os server | scope: eq | version: x10.6.3

Trust: 0.3

vendor: apple | model: mac os server | scope: eq | version: x10.6.2

Trust: 0.3

vendor: apple | model: mac os server | scope: eq | version: x10.6.1

Trust: 0.3

vendor: apple | model: mac os server | scope: eq | version: x10.6

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.6.4

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.6.3

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.6.2

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.6.1

Trust: 0.3

vendor: apple | model: mac os | scope: eq | version: x10.6

Trust: 0.3

sources: BID: 42651 // JVNDB: JVNDB-2010-001970 // CNNVD: CNNVD-201008-293 // NVD: CVE-2010-1800

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-1800
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-1800
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201008-293
value: MEDIUM

Trust: 0.6

VULHUB: VHN-44405
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-1800
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-44405
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-44405 // JVNDB: JVNDB-2010-001970 // CNNVD: CNNVD-201008-293 // NVD: CVE-2010-1800

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-44405 // JVNDB: JVNDB-2010-001970 // NVD: CVE-2010-1800

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201008-293

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201008-293

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-001970

PATCH

title: HT4312 | url: http://support.apple.com/kb/HT4312

Trust: 0.8

title: HT4312 | url: http://support.apple.com/kb/HT4312?viewlocale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2010-001970

EXTERNAL IDS

db: NVD | id: CVE-2010-1800

Trust: 2.8

db: SECTRACK | id: 1024359

Trust: 2.5

db: JVNDB | id: JVNDB-2010-001970

Trust: 0.8

db: CNNVD | id: CNNVD-201008-293

Trust: 0.7

db: APPLE | id: APPLE-SA-2010-08-24-1

Trust: 0.6

db: BID | id: 42651

Trust: 0.4

db: VULHUB | id: VHN-44405

Trust: 0.1

sources: VULHUB: VHN-44405 // BID: 42651 // JVNDB: JVNDB-2010-001970 // CNNVD: CNNVD-201008-293 // NVD: CVE-2010-1800

REFERENCES

url: http://securitytracker.com/id?1024359

Trust: 2.5

url: http://lists.apple.com/archives/security-announce/2010//aug/msg00003.html

Trust: 1.7

url: http://support.apple.com/kb/ht4312

Trust: 1.7

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1800

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1800

Trust: 0.8

url: http://www.apple.com/macosx/

Trust: 0.3

sources: VULHUB: VHN-44405 // BID: 42651 // JVNDB: JVNDB-2010-001970 // CNNVD: CNNVD-201008-293 // NVD: CVE-2010-1800

CREDITS

Bjurman of Sirius IT, Jean-Luc Giraud of Citrix, and Aaron Sigel of vtty.com

Trust: 0.3

sources: BID: 42651

SOURCES

db: VULHUB | id: VHN-44405
db: BID | id: 42651
db: JVNDB | id: JVNDB-2010-001970
db: CNNVD | id: CNNVD-201008-293
db: NVD | id: CVE-2010-1800

LAST UPDATE DATE

2025-04-11T22:56:37.218000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-44405 | date: 2010-08-26T00:00:00
db: BID | id: 42651 | date: 2010-08-24T00:00:00
db: JVNDB | id: JVNDB-2010-001970 | date: 2010-09-08T00:00:00
db: CNNVD | id: CNNVD-201008-293 | date: 2010-09-03T00:00:00
db: NVD | id: CVE-2010-1800 | date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: VULHUB | id: VHN-44405 | date: 2010-08-25T00:00:00
db: BID | id: 42651 | date: 2010-08-24T00:00:00
db: JVNDB | id: JVNDB-2010-001970 | date: 2010-09-08T00:00:00
db: CNNVD | id: CNNVD-201008-293 | date: 2010-08-27T00:00:00
db: NVD | id: CVE-2010-1800 | date: 2010-08-25T20:00:16.737