CVE-2009-0144 | Vulnerability Database | Aqua Security

CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for secure cookies that are sent over unencrypted HTTP connections.

Affected Software

Name	Vendor	Start Version	End Version
Mac_os_x	Apple	10.5.6 (including)	10.5.6 (including)
Mac_os_x	Apple	10.5 (including)	10.5 (including)
Mac_os_x	Apple	10.5.1 (including)	10.5.1 (including)
Mac_os_x	Apple	10.5.2 (including)	10.5.2 (including)
Mac_os_x	Apple	10.5.3 (including)	10.5.3 (including)
Mac_os_x	Apple	10.5.4 (including)	10.5.4 (including)
Mac_os_x	Apple	10.5.5 (including)	10.5.5 (including)
Mac_os_x_server	Apple	10.5.1 (including)	10.5.1 (including)
Mac_os_x_server	Apple	10.5.2 (including)	10.5.2 (including)
Mac_os_x_server	Apple	10.5.3 (including)	10.5.3 (including)
Mac_os_x_server	Apple	10.5.4 (including)	10.5.4 (including)
Mac_os_x_server	Apple	10.5.6 (including)	10.5.6 (including)

References

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://secunia.com/advisories/35074
http://support.apple.com/kb/HT3549
http://www.securityfocus.com/bid/34926
http://www.securitytracker.com/id?1022214
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://www.vupen.com/english/advisories/2009/1297
https://exchange.xforce.ibmcloud.com/vulnerabilities/50479

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-0144
CWE	https://cwe.mitre.org/data/definitions/16.html