Main Vulnerability Database Vulnerabilities #VU42431

Information disclosure in macOS - CVE-2013-5183

Published: October 24, 2013 / Updated: August 10, 2020

Vulnerability identifier: #VU42431

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2013-5183

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Apple Inc.

Affected software:
macOS

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network.

How to mitigate CVE-2013-5183

Install update from vendor's website.

Sources

http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html

Information disclosure in macOS - CVE-2013-5183

Detailed vulnerability description

How to mitigate CVE-2013-5183

Sources

Please verify you're human