CVE-2009-1723

Published: Aug 6, 2009Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062.

Affected (20)

Products: Apple: Mac Os X, Mac Os X Server

2 products

Mac Os X Server

Configuration A

20 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Version 10.5.6
Apple Mac Os X	Version 10.5.0
Apple Mac Os X	Version 10.5.1
Apple Mac Os X	Version 10.5.2
Apple Mac Os X	Version 10.5.2 2008-002
Apple Mac Os X	Version 10.5.3
Apple Mac Os X	Version 10.5.4
Apple Mac Os X	Version 10.5.5
Apple Mac Os X	Version 10.5.6
Apple Mac Os X	Version 10.5.7
Apple Mac Os X	Version 10.5
Apple Mac Os X Server	Version 10.5.0
Apple Mac Os X Server	Version 10.5.1
Apple Mac Os X Server	Version 10.5.2
Apple Mac Os X Server	Version 10.5.3
Apple Mac Os X Server	Version 10.5.4
Apple Mac Os X Server	Version 10.5.5
Apple Mac Os X Server	Version 10.5.6
Apple Mac Os X Server	Version 10.5.7
Apple Mac Os X Server	Version 10.5

References (20)

http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html

Source: cve@mitre.org

PatchVendor Advisory

http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html

Source: cve@mitre.org

http://osvdb.org/56846

Source: cve@mitre.org

http://secunia.com/advisories/36096

Source: cve@mitre.org

Vendor Advisory

http://support.apple.com/kb/HT3757

Source: cve@mitre.org

PatchVendor Advisory

http://support.apple.com/kb/HT4225

Source: cve@mitre.org

http://www.securityfocus.com/bid/35954

Source: cve@mitre.org

Patch

http://www.us-cert.gov/cas/techalerts/TA09-218A.html

Source: cve@mitre.org

US Government Resource

http://www.vupen.com/english/advisories/2009/2172

Source: cve@mitre.org

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/52418

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/56846

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/36096

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://support.apple.com/kb/HT3757

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://support.apple.com/kb/HT4225

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/35954

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.us-cert.gov/cas/techalerts/TA09-218A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2009/2172

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/52418

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.