[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-0228Date: (C)2011-08-29   (M)2023-12-22


The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1025837
http://www.securityfocus.com/archive/1/518982/100/0/threaded
SECUNIA-45369
BID-48877
SREASON-8361
APPLE-SA-2011-07-25-1
APPLE-SA-2011-07-25-2
http://support.apple.com/kb/HT4824
http://support.apple.com/kb/HT4825
https://www.trustwave.com/spiderlabs/advisories/TWSL2011-007.txt

CPE    36
cpe:/o:apple:iphone_os:4.2.1
cpe:/o:apple:iphone_os:4.3.0
cpe:/o:apple:iphone_os:4.0.2
cpe:/o:apple:iphone_os:4.0.1
...
CWE    1
CWE-20

© SecPod Technologies