Описание
The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked.
The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2006-4409
- http://docs.info.apple.com/article.html?artnum=304829
- http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
- http://secunia.com/advisories/23155
- http://securitytracker.com/id?1017298
- http://www.kb.cert.org/vuls/id/811384
- http://www.osvdb.org/30729
- http://www.securityfocus.com/bid/21335
- http://www.us-cert.gov/cas/techalerts/TA06-333A.html
- http://www.vupen.com/english/advisories/2006/4750
EPSS
CVE ID
Связанные уязвимости
The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked.
EPSS