Man-in-the-middle attack vulnerability in OpenSSL in Apple Mac OS X via a crafted certificate issued by a legitimate Certification Authority| ID: oval:org.secpod.oval:def:3817 | Date: (C)2012-01-20 (M)2023-11-09 |
| Class: VULNERABILITY | Family: macos |
The host is installed with Apple Mac OS X before 10.6.3 and is prone to a man-in-the-middle attack vulnerability. A flaw is present in the application, which fails to properly handle NULL characters in the subject's Common Name (CN) field of X.509 certificates. Successful exploitation could allow attackers to spoof arbitrary SSL servers.
| Platform: |
| Apple Mac OS X 10.6 |
| Apple Mac OS X Server 10.6 |
| Apple Mac OS X 10.5 |
| Apple Mac OS X Server 10.5 |
