Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2011-0228
HistoryAug 29, 2011 - 8:55 p.m.

CVE-2011-0228

2011-08-2920:55:00
CWE-20
[email protected]
web.nvd.nist.gov
30
apple
ios
data security
ssl
ssl server
certificate
non-ca certificate
x.509
man-in-the-middle
cve-2011-0228

5.8 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.4%

JSON

The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain.

Related

securityvulns 4
cvelist 1
prion 1
seebug 1
securityvulns
securityvulns
APPLE-SA-2011-07-25-2 iOS 4.2.10 Software Update for iPhone
2011-07-26 00:00:00
APPLE-SA-2011-07-25-1 iOS 4.3.5 Software Update
2011-07-26 00:00:00
TWSL2011-007: iOS SSL Implementation Does Not Validate Certificate Chain
2011-07-26 00:00:00
cvelist
cvelist
CVE-2011-0228
2011-08-29 20:00:00
prion
prion
Design/Logic Flaw
2011-08-29 20:55:00
seebug
seebug
Apple iOS "basicConstraints" X.509证书链ιͺŒθ―ζΌζ΄ž
2011-07-28 00:00:00

5.8 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.4%

JSON
Related for CVE-2011-0228
securityvulns4cvelist1prion1seebug1