Details of VAR-201410-1074

ID

VAR-201410-1074

CVE

CVE-2014-4439

TITLE

Apple OS X Vulnerability in the collection of important information in an email application

Trust: 0.8

sources: JVNDB: JVNDB-2014-004879

DESCRIPTION

Mail in Apple OS X before 10.10 does not properly recognize the removal of a recipient address from a message, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading a message intended exclusively for other recipients. Apple Mac OS X is prone to an information-disclosure vulnerability. An attacker can leverage this issue to gain access to sensitive information. The vulnerability stems from the fact that the program does not process the delete recipient address operation in the message in time

Trust: 1.98

sources: NVD: CVE-2014-4439 // JVNDB: JVNDB-2014-004879 // BID: 70619 // VULHUB: VHN-72379

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.9.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lt	version:	10.10	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.9.5	Trust: 0.6
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.10	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.3	Trust: 0.3
vendor:	cosmicperl	model:	directory pro	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.5.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.2.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.6.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.0.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.03	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.11	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.7.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.1	Trust: 0.3

sources: BID: 70619 // JVNDB: JVNDB-2014-004879 // CNNVD: CNNVD-201410-617 // NVD: CVE-2014-4439

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-4439
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-4439
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201410-617
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-72379
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-4439
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-72379
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-72379 // JVNDB: JVNDB-2014-004879 // CNNVD: CNNVD-201410-617 // NVD: CVE-2014-4439

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-72379 // JVNDB: JVNDB-2014-004879 // NVD: CVE-2014-4439

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-617

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201410-617

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004879

PATCH

title:	HT6535	url:	https://support.apple.com/kb/HT6535	Trust: 0.8
title:	HT6535	url:	http://support.apple.com/kb/HT6535?viewlocale=ja_JP	Trust: 0.8
title:	OS X Yosemite 10.10 MAS 14A389( Official version of the full firmware )	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52113	Trust: 0.6

sources: JVNDB: JVNDB-2014-004879 // CNNVD: CNNVD-201410-617

EXTERNAL IDS

db:	NVD	id:	CVE-2014-4439	Trust: 2.8
db:	BID	id:	70619	Trust: 1.4
db:	SECTRACK	id:	1031063	Trust: 1.1
db:	JVN	id:	JVNVU97537282	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-004879	Trust: 0.8
db:	CNNVD	id:	CNNVD-201410-617	Trust: 0.7
db:	VULHUB	id:	VHN-72379	Trust: 0.1

sources: VULHUB: VHN-72379 // BID: 70619 // JVNDB: JVNDB-2014-004879 // CNNVD: CNNVD-201410-617 // NVD: CVE-2014-4439

REFERENCES

url:	http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html	Trust: 2.5
url:	https://support.apple.com/kb/ht6535	Trust: 1.7
url:	http://www.securityfocus.com/bid/70619	Trust: 1.1
url:	http://www.securitytracker.com/id/1031063	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/97629	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4439	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97537282/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4439	Trust: 0.8
url:	http://www.apple.com/macosx/	Trust: 0.3

sources: VULHUB: VHN-72379 // BID: 70619 // JVNDB: JVNDB-2014-004879 // CNNVD: CNNVD-201410-617 // NVD: CVE-2014-4439

CREDITS

Patrick J Power of Melbourne, Australia

Trust: 0.3

sources: BID: 70619

SOURCES

db:	VULHUB	id:	VHN-72379
db:	BID	id:	70619
db:	JVNDB	id:	JVNDB-2014-004879
db:	CNNVD	id:	CNNVD-201410-617
db:	NVD	id:	CVE-2014-4439

LAST UPDATE DATE

2025-04-13T22:25:07.986000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-72379	date:	2017-08-29T00:00:00
db:	BID	id:	70619	date:	2014-10-21T18:02:00
db:	JVNDB	id:	JVNDB-2014-004879	date:	2015-12-02T00:00:00
db:	CNNVD	id:	CNNVD-201410-617	date:	2014-10-22T00:00:00
db:	NVD	id:	CVE-2014-4439	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-72379	date:	2014-10-18T00:00:00
db:	BID	id:	70619	date:	2014-10-16T00:00:00
db:	JVNDB	id:	JVNDB-2014-004879	date:	2014-10-22T00:00:00
db:	CNNVD	id:	CNNVD-201410-617	date:	2014-10-22T00:00:00
db:	NVD	id:	CVE-2014-4439	date:	2014-10-18T01:55:13.713