CVE-2011-0199

Published: Jun 24, 2011Modified: Apr 29, 2026

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate.

Affected (2)

Products: Apple: Mac Os X, Mac Os X Server

2 products

Mac Os X Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	From 10.6.0 to 10.6.8
Apple Mac Os X Server	From 10.6.0 to 10.6.8

Related CWEs

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (6)

http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html

Source: product-security@apple.com

Mailing ListPatchVendor Advisory

http://support.apple.com/kb/HT4723

Source: product-security@apple.com

PatchVendor Advisory

http://www.securityfocus.com/bid/48447

Source: product-security@apple.com

Broken LinkThird Party AdvisoryVDB Entry

http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchVendor Advisory

http://support.apple.com/kb/HT4723

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/48447

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

Timeline

No history available yet.