Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:20775
HistoryJul 28, 2011 - 12:00 a.m.

Apple iOS "basicConstraints" X.509证书链验证漏洞

2011-07-2800:00:00
Root
www.seebug.org
14

0.003 Low

EPSS

Percentile

67.3%

JSON

CVE ID: CVE-2011-0228

Apple iOS是运行在苹果iPhone和iPod touch设备上的最新的操作系统。

Apple iOS "basicConstraints" X.509在在实现上存在欺骗漏洞,远程用户可利用此漏洞执行欺骗攻击。

此漏洞源于在验证证书链中的证书"basicConstraints"参数时存在错误,通过中间人攻击,可欺骗任意域中的证书并泄露加密信息。

Apple iOS 4.x
厂商补丁:

Apple

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://support.apple.com/

Related

prion 1
securityvulns 4
cve 1
prion
prion
Design/Logic Flaw
2011-08-29 20:55:00
securityvulns
securityvulns
APPLE-SA-2011-07-25-2 iOS 4.2.10 Software Update for iPhone
2011-07-26 00:00:00
APPLE-SA-2011-07-25-1 iOS 4.3.5 Software Update
2011-07-26 00:00:00
TWSL2011-007: iOS SSL Implementation Does Not Validate Certificate Chain
2011-07-26 00:00:00
cve
cve
CVE-2011-0228
2011-08-29 20:55:00

0.003 Low

EPSS

Percentile

67.3%

JSON
Related for SSV:20775
prion1securityvulns4cve1