The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published: 2011-06-24T20:00:00

Updated: 2024-08-06T21:43:15.466Z

Reserved: 2010-12-23T00:00:00

Link: CVE-2011-0199

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2011-06-24T20:55:02.137

Modified: 2024-11-21T01:23:31.680

Link: CVE-2011-0199

cve-icon Redhat

No data.