CVE-2011-0199

MEDIUM

Apple Mac OS X <10.6.8 - Info Disclosure

Title source: llm

Description

The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate.

References (3)

[Mailing List, Patch, Vendor Advisory] http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html

[Patch, Vendor Advisory] http://support.apple.com/kb/HT4723

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/48447

Scores

CVSS v3 5.9

EPSS 0.0017

EPSS Percentile 38.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Classification

CWE

CWE-295

Status draft

Affected Products (2)

apple/mac_os_x < 10.6.8

apple/mac_os_x_server < 10.6.8

Timeline

Published Jun 24, 2011

Tracked Since Feb 18, 2026