5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.022 Low
EPSS
Percentile
89.6%
Apple Mac OS X Security Framework Online Certificate Status Protocol (OCSP) service is unable to retrieve certificate revocation lists on systems that are configured to use an HTTP proxy. This vulnerability may result in the use of revoked certificates.
The Online Certificate Status Protocol (OCSP) is used to obtain the status of X.509 digital certificates. According to Apple Security Update 2006-007:
On systems that are configured to use an HTTP proxy, the Online Certificate Status Protocol (OCSP) service is unable to retrieve certificate revocation lists. This update addresses this issue by using the system proxy settings in ocpsd.
This vulnerability may result in the use of revoked certificates. The full impact of this vulnerability depends on the application verifying the certificate.
Apply Apple Updates
This issue is addressed by Apple Security Update 2006-007.
811384
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: December 01, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to Apple Security Update 2006-007.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23811384 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This issue was reported in Apple Security Update 2006-007. Apple credits Timothy J. Miller of the MITRE Corporation for reporting this issue.
This document was written by Chris Taschner.
CVE IDs: | CVE-2006-4409 |
---|---|
Severity Metric: | 0.22 Date Public: |