cvelistv5 - cve-2015-5884

CVE-2015-5884 (GCVE-0-2015-5884)

Vulnerability from cvelistv5

Published

2015-10-09 01:00

Modified

2024-08-06 07:06

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

fkie_cve-2015-5884

Vulnerability from fkie_nvd

Published

2015-10-09 05:59

Modified

2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html	Vendor Advisory
product-security@apple.com	http://www.securityfocus.com/bid/76908
product-security@apple.com	http://www.securitytracker.com/id/1033703
product-security@apple.com	https://support.apple.com/HT205267	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/76908
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1033703
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/HT205267	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	mac_os_x	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C5FF5EF-B5D2-4BFE-8C0E-DF1F99F3989D",
              "versionEndIncluding": "10.10.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment."
    },
    {
      "lang": "es",
      "value": "La funcionalidad de Mail Drop en Mail en Apple OS X en versiones anteriores a 10.11 no maneja correctamente los par\u00e1metros de cifrado para los documentos adjuntos, lo que hace m\u00e1s f\u00e1cil para atacantes remotos obtener informaci\u00f3n sensible rastreando la red durante la transmisi\u00f3n de un mensaje de correo electr\u00f3nico S/MIME con un anexo largo."
    }
  ],
  "id": "CVE-2015-5884",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-10-09T05:59:20.233",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securityfocus.com/bid/76908"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://www.securitytracker.com/id/1033703"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205267"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/76908"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033703"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/HT205267"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment. Apple Mac OS X is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code with system privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. These issues affect OS X prior to 10.11. Mail is one of the mail components. The vulnerability stems from the fact that the program does not properly handle the encryption parameters of attachments

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201510-0066",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.5"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.6.8 thats all  10.11"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.10.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.7.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "76908"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005151"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-102"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-5884"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005151"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Sergi Alvarez (pancake) of NowSecure Research Team, Carlos Moreira, Rainer Dorau of rainer dorau informationsdesign, Chris Nehren, Kai Takac, Hans Douma, Toni Vaahtera, and an anonymous researcher, Maksymilian Arciemowicz of cxsecurity.com, John McCombs of",
    "sources": [
      {
        "db": "BID",
        "id": "76908"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-5884",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "CVE-2015-5884",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.9,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "VHN-83845",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-5884",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-5884",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201510-102",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-83845",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-5884",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-83845"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-5884"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005151"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-102"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-5884"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment. Apple Mac OS X is prone to multiple security vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code with system privileges, bypass security restrictions, cause denial-of-service conditions, obtain sensitive information, and perform other attacks. \nThese issues affect OS X prior to 10.11. Mail is one of the mail components. The vulnerability stems from the fact that the program does not properly handle the encryption parameters of attachments",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-5884"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005151"
      },
      {
        "db": "BID",
        "id": "76908"
      },
      {
        "db": "VULHUB",
        "id": "VHN-83845"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-5884"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-5884",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "76908",
        "trust": 1.5
      },
      {
        "db": "SECTRACK",
        "id": "1033703",
        "trust": 1.2
      },
      {
        "db": "JVN",
        "id": "JVNVU97220341",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005151",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-102",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-83845",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-5884",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-83845"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-5884"
      },
      {
        "db": "BID",
        "id": "76908"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005151"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-102"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-5884"
      }
    ]
  },
  "id": "VAR-201510-0066",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-83845"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:50:19.820000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT201222"
      },
      {
        "title": "APPLE-SA-2015-09-30-3 OS X El Capitan 10.11",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
      },
      {
        "title": "HT205267",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/HT205267"
      },
      {
        "title": "HT205267",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/HT205267"
      },
      {
        "title": "Apple: OS X El Capitan v10.11",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=e88bab658248444f5dffc23fd95859e7"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2015-5884"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005151"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-83845"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005151"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-5884"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/sep/msg00008.html"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/ht205267"
      },
      {
        "trust": 1.3,
        "url": "http://www.securityfocus.com/bid/76908"
      },
      {
        "trust": 1.2,
        "url": "http://www.securitytracker.com/id/1033703"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5884"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu97220341/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5884"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/en-in/ht205267"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht205267"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=41307"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-83845"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-5884"
      },
      {
        "db": "BID",
        "id": "76908"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005151"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-102"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-5884"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-83845"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-5884"
      },
      {
        "db": "BID",
        "id": "76908"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005151"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-102"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-5884"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-83845"
      },
      {
        "date": "2015-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-5884"
      },
      {
        "date": "2015-09-30T00:00:00",
        "db": "BID",
        "id": "76908"
      },
      {
        "date": "2015-10-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005151"
      },
      {
        "date": "2015-10-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201510-102"
      },
      {
        "date": "2015-10-09T05:59:20.233000",
        "db": "NVD",
        "id": "CVE-2015-5884"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-83845"
      },
      {
        "date": "2016-12-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-5884"
      },
      {
        "date": "2015-12-08T22:02:00",
        "db": "BID",
        "id": "76908"
      },
      {
        "date": "2015-10-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-005151"
      },
      {
        "date": "2015-10-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201510-102"
      },
      {
        "date": "2024-11-21T02:34:03.540000",
        "db": "NVD",
        "id": "CVE-2015-5884"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "specific network environment",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-102"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple OS X Mail  Mail Drop Vulnerabilities that capture important information on functions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-005151"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201510-102"
      }
    ],
    "trust": 0.6
  }
}

cnvd-2015-06417

Vulnerability from cnvd

Title

Apple OS X Mail附件信息获取漏洞

Description

Apple OS X是一款苹果公司开发的操作系统。 Apple OS X处理通过Mail Drop发送的超大email附件的加密参数时存在问题，允许攻击者利用漏洞可截获S/MIME加密附件内容。

Severity

中

Patch Name

Apple OS X Mail附件信息获取漏洞的补丁

Patch Description

Apple OS X是一款苹果公司开发的操作系统。Apple OS X处理通过Mail Drop发送的超大email附件的加密参数时存在问题，允许攻击者利用漏洞可截获S/MIME加密附件内容。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： https://support.apple.com/en-us/HT205267

Reference

https://support.apple.com/en-us/HT205267

Impacted products

Name
Apple OS X <=10.10.5

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-5884"
    }
  },
  "description": "Apple OS X\u662f\u4e00\u6b3e\u82f9\u679c\u516c\u53f8\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple OS X\u5904\u7406\u901a\u8fc7Mail Drop\u53d1\u9001\u7684\u8d85\u5927email\u9644\u4ef6\u7684\u52a0\u5bc6\u53c2\u6570\u65f6\u5b58\u5728\u95ee\u9898\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53ef\u622a\u83b7S/MIME\u52a0\u5bc6\u9644\u4ef6\u5185\u5bb9\u3002",
  "discovererName": "John McCombs of Integrated Mapping Ltd",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://support.apple.com/en-us/HT205267",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-06417",
  "openTime": "2015-10-12",
  "patchDescription": "Apple OS X\u662f\u4e00\u6b3e\u82f9\u679c\u516c\u53f8\u5f00\u53d1\u7684\u64cd\u4f5c\u7cfb\u7edf\u3002Apple OS X\u5904\u7406\u901a\u8fc7Mail Drop\u53d1\u9001\u7684\u8d85\u5927email\u9644\u4ef6\u7684\u52a0\u5bc6\u53c2\u6570\u65f6\u5b58\u5728\u95ee\u9898\uff0c\u5141\u8bb8\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u53ef\u622a\u83b7S/MIME\u52a0\u5bc6\u9644\u4ef6\u5185\u5bb9\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple OS X Mail\u9644\u4ef6\u4fe1\u606f\u83b7\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apple OS X \u003c=10.10.5"
  },
  "referenceLink": "https://support.apple.com/en-us/HT205267",
  "serverity": "\u4e2d",
  "submitTime": "2015-10-03",
  "title": "Apple OS X Mail\u9644\u4ef6\u4fe1\u606f\u83b7\u53d6\u6f0f\u6d1e"
}

ghsa-9h4c-9hpw-q3gv

Vulnerability from github

Published

2022-05-17 03:22

Modified

2022-05-17 03:22

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-5884"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-10-09T05:59:00Z",
    "severity": "LOW"
  },
  "details": "The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment.",
  "id": "GHSA-9h4c-9hpw-q3gv",
  "modified": "2022-05-17T03:22:37Z",
  "published": "2022-05-17T03:22:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5884"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/HT205267"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/76908"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1033703"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2015-AVI-416

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Apple OS X. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Apple OS X versions antérieures à v10.11

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT205267 du 30 septembre 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eApple OS X versions ant\u00e9rieures \u00e0 v10.11\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2014-8080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8080"
    },
    {
      "name": "CVE-2015-5885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5885"
    },
    {
      "name": "CVE-2015-5851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5851"
    },
    {
      "name": "CVE-2015-5870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5870"
    },
    {
      "name": "CVE-2015-5873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5873"
    },
    {
      "name": "CVE-2015-3416",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3416"
    },
    {
      "name": "CVE-2015-5867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5867"
    },
    {
      "name": "CVE-2015-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0286"
    },
    {
      "name": "CVE-2015-5830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5830"
    },
    {
      "name": "CVE-2014-7186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7186"
    },
    {
      "name": "CVE-2015-3415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3415"
    },
    {
      "name": "CVE-2015-5883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5883"
    },
    {
      "name": "CVE-2015-5523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5523"
    },
    {
      "name": "CVE-2015-5914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5914"
    },
    {
      "name": "CVE-2014-9652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9652"
    },
    {
      "name": "CVE-2015-5875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5875"
    },
    {
      "name": "CVE-2015-5860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5860"
    },
    {
      "name": "CVE-2015-5824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5824"
    },
    {
      "name": "CVE-2015-5872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5872"
    },
    {
      "name": "CVE-2014-9705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9705"
    },
    {
      "name": "CVE-2015-5522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5522"
    },
    {
      "name": "CVE-2015-5863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5863"
    },
    {
      "name": "CVE-2015-1352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1352"
    },
    {
      "name": "CVE-2014-9427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9427"
    },
    {
      "name": "CVE-2015-5833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5833"
    },
    {
      "name": "CVE-2015-5840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5840"
    },
    {
      "name": "CVE-2015-5915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5915"
    },
    {
      "name": "CVE-2015-5871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5871"
    },
    {
      "name": "CVE-2015-2787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2787"
    },
    {
      "name": "CVE-2014-8090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8090"
    },
    {
      "name": "CVE-2015-5836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5836"
    },
    {
      "name": "CVE-2015-5868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5868"
    },
    {
      "name": "CVE-2015-5891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5891"
    },
    {
      "name": "CVE-2015-5874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5874"
    },
    {
      "name": "CVE-2015-2305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2305"
    },
    {
      "name": "CVE-2015-5887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5887"
    },
    {
      "name": "CVE-2015-5902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5902"
    },
    {
      "name": "CVE-2015-5900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5900"
    },
    {
      "name": "CVE-2015-5858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5858"
    },
    {
      "name": "CVE-2015-3414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3414"
    },
    {
      "name": "CVE-2015-5865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5865"
    },
    {
      "name": "CVE-2014-9425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9425"
    },
    {
      "name": "CVE-2014-8611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8611"
    },
    {
      "name": "CVE-2015-5879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5879"
    },
    {
      "name": "CVE-2015-3330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3330"
    },
    {
      "name": "CVE-2015-5896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5896"
    },
    {
      "name": "CVE-2015-0273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0273"
    },
    {
      "name": "CVE-2014-6277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6277"
    },
    {
      "name": "CVE-2015-5839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5839"
    },
    {
      "name": "CVE-2015-5893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5893"
    },
    {
      "name": "CVE-2015-3329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3329"
    },
    {
      "name": "CVE-2015-5853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5853"
    },
    {
      "name": "CVE-2015-0231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0231"
    },
    {
      "name": "CVE-2015-2301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2301"
    },
    {
      "name": "CVE-2015-5882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5882"
    },
    {
      "name": "CVE-2015-5878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5878"
    },
    {
      "name": "CVE-2015-5894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5894"
    },
    {
      "name": "CVE-2015-5831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5831"
    },
    {
      "name": "CVE-2015-5869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5869"
    },
    {
      "name": "CVE-2015-1855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1855"
    },
    {
      "name": "CVE-2015-5862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5862"
    },
    {
      "name": "CVE-2014-8147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8147"
    },
    {
      "name": "CVE-2015-5889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5889"
    },
    {
      "name": "CVE-2015-5866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5866"
    },
    {
      "name": "CVE-2015-5876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5876"
    },
    {
      "name": "CVE-2014-2532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2532"
    },
    {
      "name": "CVE-2015-5912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5912"
    },
    {
      "name": "CVE-2015-5877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5877"
    },
    {
      "name": "CVE-2015-2331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2331"
    },
    {
      "name": "CVE-2015-5922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5922"
    },
    {
      "name": "CVE-2015-5842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5842"
    },
    {
      "name": "CVE-2015-0287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0287"
    },
    {
      "name": "CVE-2015-1351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1351"
    },
    {
      "name": "CVE-2015-5849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5849"
    },
    {
      "name": "CVE-2015-5841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5841"
    },
    {
      "name": "CVE-2014-7187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7187"
    },
    {
      "name": "CVE-2015-2783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2783"
    },
    {
      "name": "CVE-2015-3785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3785"
    },
    {
      "name": "CVE-2015-5913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5913"
    },
    {
      "name": "CVE-2014-3618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3618"
    },
    {
      "name": "CVE-2015-5899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5899"
    },
    {
      "name": "CVE-2015-5847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5847"
    },
    {
      "name": "CVE-2015-0235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0235"
    },
    {
      "name": "CVE-2015-5903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5903"
    },
    {
      "name": "CVE-2015-5864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5864"
    },
    {
      "name": "CVE-2015-5917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5917"
    },
    {
      "name": "CVE-2015-0232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0232"
    },
    {
      "name": "CVE-2015-5901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5901"
    },
    {
      "name": "CVE-2015-5854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5854"
    },
    {
      "name": "CVE-2015-5881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5881"
    },
    {
      "name": "CVE-2015-5897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5897"
    },
    {
      "name": "CVE-2015-5888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5888"
    },
    {
      "name": "CVE-2015-5890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5890"
    },
    {
      "name": "CVE-2015-5884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5884"
    },
    {
      "name": "CVE-2013-3951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3951"
    },
    {
      "name": "CVE-2014-9709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9709"
    },
    {
      "name": "CVE-2015-5855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5855"
    },
    {
      "name": "CVE-2015-2348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2348"
    },
    {
      "name": "CVE-2014-8146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8146"
    }
  ],
  "initial_release_date": "2015-10-01T00:00:00",
  "last_revision_date": "2015-10-01T00:00:00",
  "links": [],
  "reference": "CERTFR-2015-AVI-416",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-10-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple OS X\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance,\nune ex\u00e9cution de code arbitraire et un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT205267 du 30 septembre 2015",
      "url": "https://support.apple.com/en-us/HT205267"
    }
  ]
}

gsd-2015-5884

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2015-5884

Aliases

CVE-2015-5884

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-5884",
    "description": "The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment.",
    "id": "GSD-2015-5884"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-5884"
      ],
      "details": "The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment.",
      "id": "GSD-2015-5884",
      "modified": "2023-12-13T01:20:06.786257Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2015-5884",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1033703",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1033703"
          },
          {
            "name": "APPLE-SA-2015-09-30-3",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
          },
          {
            "name": "https://support.apple.com/HT205267",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/HT205267"
          },
          {
            "name": "76908",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/76908"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.10.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2015-5884"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/HT205267",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/HT205267"
            },
            {
              "name": "APPLE-SA-2015-09-30-3",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
            },
            {
              "name": "76908",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/76908"
            },
            {
              "name": "1033703",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1033703"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2016-12-08T03:11Z",
      "publishedDate": "2015-10-09T05:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2015-5884 (GCVE-0-2015-5884)

Vulnerability from cvelistv5

fkie_cve-2015-5884

Vulnerability from fkie_nvd

var-201510-0066

Vulnerability from variot

cnvd-2015-06417

Vulnerability from cnvd

ghsa-9h4c-9hpw-q3gv

Vulnerability from github

CERTFR-2015-AVI-416

Vulnerability from certfr_avis

Solution

gsd-2015-5884

Vulnerability from gsd

Tags

Sightings

Nomenclature