PT-2011-4306 · Apple · Macos X
Published
2011-10-14
·
Updated
2012-01-14
·
CVE-2011-3213
CVSS v2.0
7.6
High
| Vector | AV:N/AC:H/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Mac OS X versions prior to 10.7.2
Description
The issue arises from the File Systems component not properly tracking the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection. This allows man-in-the-middle attackers to hijack WebDAV communication by presenting an arbitrary certificate for a subsequent connection.
Recommendations
For Mac OS X versions prior to 10.7.2, update to version 10.7.2 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Macos X