CVE-2013-5183

low

Published 2013-10-24 · Modified 2026-04-29

CVSS v3

—

VIR risk

2.6

Description

Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

OS impact

OS	Version	Status
macos		affected
macos	10.8.0	affected
macos	10.8.1	affected
macos	10.8.2	affected
macos	10.8.3	affected
macos	10.8.4	affected
macos	10.8.5	affected

References

http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html

CWEs

CWE-200

💬 Discuss CVE-2013-5183 on VIR Community →

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.