PT-2010-3433 · Apple · Cfnetwork+1
Aaron Sigel
+3
·
Publicado
2010-08-25
·
Atualizado
2010-08-26
·
CVE-2010-1800
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Apple Mac OS X versions 10.6.3 through 10.6.4
Description
The issue allows man-in-the-middle attackers to redirect a connection and obtain sensitive information via crafted responses, due to CFNetwork supporting anonymous SSL and TLS connections.
Recommendations
For Apple Mac OS X versions 10.6.3 through 10.6.4, consider disabling anonymous SSL and TLS connections to minimize the risk of exploitation.
Correção
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cfnetwork
Macos X