PT-2007-5838 · Apple · Cfnetwork+1
Marko Karppinen
+2
·
Published
2007-11-15
·
Updated
2017-07-29
·
CVE-2007-4680
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Apple Mac OS X versions 10.3.9 through 10.4.10
Description:
The issue allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack due to improper validation of certificates by CFNetwork.
Recommendations:
For Apple Mac OS X versions 10.3.9 through 10.4.10, update to a version that properly validates certificates to prevent man-in-the-middle attacks.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cfnetwork
Macos X