Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0143

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2009-0143
Last Modified 21 Aug 2010 01:29:48
Published 14 Mar 2009 02:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0143

Summary

Apple iTunes before 8.1 does not properly inform the user about the origin of an authentication request, which makes it easier for remote podcast servers to trick a user into providing a username and password when subscribing to a crafted podcast.

Vulnerable Systems

Application

  • Apple Itunes 1.0

  • Apple Itunes 1.1.1

  • Apple Itunes 1.1.2

  • Apple Itunes 2.0

  • Apple Itunes 2.0.1

  • Apple Itunes 2.0.2

  • Apple Itunes 2.0.3

  • Apple Itunes 2.0.4

  • Apple Itunes 3.0

  • Apple Itunes 3.0.1

  • Apple Itunes 4.0

  • Apple Itunes 4.0.0

  • Apple Itunes 4.0.1

  • Apple Itunes 4.1

  • Apple Itunes 4.1.0

  • Apple Itunes 4.2

  • Apple Itunes 4.2.0

  • Apple Itunes 4.2.72

  • Apple Itunes 4.5

  • Apple Itunes 4.5.0

  • Apple Itunes 4.6

  • Apple Itunes 4.6.0

  • Apple Itunes 4.7

  • Apple Itunes 4.7.0

  • Apple Itunes 4.7.1

  • Apple Itunes 4.7.1.30

  • Apple Itunes 4.8

  • Apple Itunes 4.8.0

  • Apple Itunes 4.9

  • Apple Itunes 4.9.0

  • Apple Itunes 5.0

  • Apple Itunes 5.0.0

  • Apple Itunes 5.0.1

  • Apple Itunes 6.0

  • Apple Itunes 6.0.0

  • Apple Itunes 6.0.1

  • Apple Itunes 6.0.2

  • Apple Itunes 6.0.3

  • Apple Itunes 6.0.4

  • Apple Itunes 6.0.4.2

  • Apple Itunes 6.0.5

  • Apple Itunes 7.0.0

  • Apple Itunes 7.0.1

  • Apple Itunes 7.0.2

  • Apple Itunes 7.1.0

  • Apple Itunes 7.1.1

  • Apple Itunes 7.2.0

  • Apple Itunes 7.3.0

  • Apple Itunes 7.3.1

  • Apple Itunes 7.3.2

  • Apple Itunes 7.4

  • Apple Itunes 7.4.0

  • Apple Itunes 7.4.1

  • Apple Itunes 7.4.2

  • Apple Itunes 7.4.3

  • Apple Itunes 7.5

  • Apple Itunes 7.5.0

  • Apple Itunes 7.6

  • Apple Itunes 7.6.0

  • Apple Itunes 7.6.1

  • Apple Itunes 7.6.2

  • Apple Itunes 7.7

  • Apple Itunes 7.7.0

  • Apple Itunes 7.7.1

  • Apple Itunes 8.0

  • Apple Itunes 8.0.0

  • Apple Itunes 8.0.1


References

CONFIRM - http://support.apple.com/kb/HT3487

APPLE - APPLE-SA-2009-03-11

XF - itunes-podcast-information-disclosure(49201)

VUPEN - ADV-2009-0702

BID - 34094

SECTRACK - 1021843

SECUNIA - 34254

OSVDB - 52579

Related Patches

Apple 2009-03-11 iTunes 8.1 for Mac (Update)


Last Updated: 27 May 2016 10:50:08