Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:811384
HistoryDec 04, 2006 - 12:00 a.m.

Apple Mac OS X Security Framework Online Certificate Status Protocol (OCSP) service fails to properly retrieve certificate revocation lists

2006-12-0400:00:00
www.kb.cert.org
12

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.022 Low

EPSS

Percentile

89.6%

JSON

Overview

Apple Mac OS X Security Framework Online Certificate Status Protocol (OCSP) service is unable to retrieve certificate revocation lists on systems that are configured to use an HTTP proxy. This vulnerability may result in the use of revoked certificates.

Description

The Online Certificate Status Protocol (OCSP) is used to obtain the status of X.509 digital certificates. According to Apple Security Update 2006-007:

On systems that are configured to use an HTTP proxy, the Online Certificate Status Protocol (OCSP) service is unable to retrieve certificate revocation lists. This update addresses this issue by using the system proxy settings in ocpsd.

Impact

This vulnerability may result in the use of revoked certificates. The full impact of this vulnerability depends on the application verifying the certificate.

Solution

Apply Apple Updates

This issue is addressed by Apple Security Update 2006-007.

Vendor Information

811384

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Apple Computer, Inc. __ Affected

Updated: December 01, 2006

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to Apple Security Update 2006-007.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23811384 Feedback>).

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This issue was reported in Apple Security Update 2006-007. Apple credits Timothy J. Miller of the MITRE Corporation for reporting this issue.

This document was written by Chris Taschner.

Other Information

CVE IDs: CVE-2006-4409
Severity Metric: 0.22 Date Public:

Related

cvelist 1
nvd 1
cve 1
seebug 2
nessus 1
cvelist
cvelist
CVE-2006-4409
2006-11-30 16:00:00
nvd
nvd
CVE-2006-4409
2006-11-30 16:28:00
cve
cve
CVE-2006-4409
2006-11-30 16:28:00
seebug
seebug
Apple Mac OS X 2006-007更新修复多个安全漏洞
2006-12-05 00:00:00
Apple Mac OS X 2006-007存在多个安全漏洞
2006-11-29 00:00:00
nessus
nessus
Mac OS X Multiple Vulnerabilities (Security Update 2006-007)
2006-11-29 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.022 Low

EPSS

Percentile

89.6%

JSON
Related for VU:811384
cvelist1nvd1cve1seebug2nessus1