Description
The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate.
References
- Mailing List, Patch, Vendor Advisory
- Patch, Vendor Advisory
- Broken Link, Third Party Advisory, VDB Entry
Vulnerable configurations
Configuration 1: versions from 10.6.0 (inclusive) up to 10.6.8 (exclusive)
One of
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
EPSS: 0.00173 (percentile: 39%), Low
CVSS3: 5.9 Medium
CVSS2: 5.8 Medium
Weaknesses
CWE-295
Related vulnerabilities
CVSS3: 5.9
github
more than 3 years ago
The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate.