5.8 Medium
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
70.4%
The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain.
lists.apple.com/archives/security-announce/2011//Jul/msg00004.html
lists.apple.com/archives/security-announce/2011//Jul/msg00005.html
secunia.com/advisories/45369
securityreason.com/securityalert/8361
securitytracker.com/id?1025837
support.apple.com/kb/HT4824
support.apple.com/kb/HT4825
www.securityfocus.com/archive/1/518982/100/0/threaded
www.securityfocus.com/bid/48877
www.trustwave.com/spiderlabs/advisories/TWSL2011-007.txt