The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apple
Published: 2011-06-24T20:00:00
Updated: 2024-08-06T21:43:15.466Z
Reserved: 2010-12-23T00:00:00
Link: CVE-2011-0199
Vulnrichment
No data.
NVD
Status : Modified
Published: 2011-06-24T20:55:02.137
Modified: 2024-11-21T01:23:31.680
Link: CVE-2011-0199
Redhat
No data.