Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:734032
HistoryNov 30, 2006 - 12:00 a.m.

Apple Mac OS X Security Framework Secure Transport may not negotiate the best cipher available

2006-11-3000:00:00
www.kb.cert.org
10

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.018 Low

EPSS

Percentile

88.0%

JSON

Overview

Apple Mac OS X Security Framework Secure Transport may not negotiate the best cipher available. This vulnerability may allow traffic to be weakly encrypted.

Description

Secure Transport refers to Apple’s implementation of SSL and TLS that is used by Mac OS X to create secure connections over TCP/IP connections. According to Apple Security Update 2006-007:

_Due to the order they are evaluated, it is possible for Secure Transport to use a cipher that provides no encryption or authentication when better ciphers are available. _Applications using Secure Transport through CFNetwork, such as Safari, are not affected by this issue on systems with Security Update 2006-006 or later. This issue does not affect systems using Mac OS X v10.4.8 and later

Impact

A remote, unauthenticated attacker may be able to observe the plaintext of traffic believed to be securely encrypted.

Solution

Apply Apple Updates

This issue is addressed by Apple Security Update 2006-007.

Vendor Information

734032

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Apple Computer, Inc. __ Affected

Updated: November 29, 2006

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to Apple Security Update 2006-007.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23734032 Feedback>).

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This issue was reported in Apple Security Update 2006-007. Apple credits Eric Cronin of gizmolabs for reporting this issue.

This document was written by Chris Taschner.

Other Information

CVE IDs: CVE-2006-4407
Severity Metric: 10.94 Date Public:

Related

cve 1
seebug 2
nessus 1
cve
cve
CVE-2006-4407
2006-11-30 16:28:00
seebug
seebug
Apple Mac OS X 2006-007更新修复多个安全漏洞
2006-12-05 00:00:00
Apple Mac OS X 2006-007存在多个安全漏洞
2006-11-29 00:00:00
nessus
nessus
Mac OS X Multiple Vulnerabilities (Security Update 2006-007)
2006-11-29 00:00:00

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.018 Low

EPSS

Percentile

88.0%

JSON
Related for VU:734032
cve1seebug2nessus1