CVE-2015-5824

2015-09-18T06:59:43
ID CVE-2015-5824
Type cve
Reporter NVD
Modified 2016-12-21T22:00:08

Description

The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.