CVE-2011-3444

2012-02-0218:55:01

CWE-310

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.002

Percentile

56.1%

JSON

Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network.

Affected configurations

Nvd

Node

applemac_os_xRange≤10.7.2

applemac_os_xMatch10.7.0

applemac_os_xMatch10.7.1

applemac_os_x_serverRange≤10.7.2

applemac_os_x_serverMatch10.7.0

applemac_os_x_serverMatch10.7.1

VendorProductVersionCPE
applemac_os_x*cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
applemac_os_x10.7.0cpe:2.3:o:apple:mac_os_x:10.7.0:*:*:*:*:*:*:*
applemac_os_x10.7.1cpe:2.3:o:apple:mac_os_x:10.7.1:*:*:*:*:*:*:*
applemac_os_x_server*cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
applemac_os_x_server10.7.0cpe:2.3:o:apple:mac_os_x_server:10.7.0:*:*:*:*:*:*:*
applemac_os_x_server10.7.1cpe:2.3:o:apple:mac_os_x_server:10.7.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	mac_os_x	*	cpe:2.3:o:apple:mac_os_x::::::::
apple	mac_os_x	10.7.0	cpe:2.3:o:apple:mac_os_x:10.7.0:::::::*
apple	mac_os_x	10.7.1	cpe:2.3:o:apple:mac_os_x:10.7.1:::::::*
apple	mac_os_x_server	*	cpe:2.3:o:apple:mac_os_x_server::::::::
apple	mac_os_x_server	10.7.0	cpe:2.3:o:apple:mac_os_x_server:10.7.0:::::::*
apple	mac_os_x_server	10.7.1	cpe:2.3:o:apple:mac_os_x_server:10.7.1:::::::*