CVE-2008-4491

Published: Oct 8, 2008Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Apple Mail.app 3.5 on Mac OS X, when "Store draft messages on the server" is enabled, stores draft copies of S/MIME email in plaintext on the email server, which allows server owners and remote man-in-the-middle attackers to read sensitive mail.

Affected (1)

Products: Apple: Mail

Apple

1 product

Mail

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Apple Mail	Version 3.5

Running on/with	Platform Versions
Apple Mac Os X	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (14)

http://enablesecurity.com/2008/10/03/apple-mailapp-security-advisory/

Source: cve@mitre.org

http://resources.enablesecurity.com/advisories/apple-mailapp-smime.txt

Source: cve@mitre.org

http://securityreason.com/securityalert/4363

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/497057/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/31598

Source: cve@mitre.org

http://www.securitytracker.com/id?1021019

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/45688

Source: cve@mitre.org

http://enablesecurity.com/2008/10/03/apple-mailapp-security-advisory/