Vulnerability Details CVE-2006-4390
CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication, which can cause the lock icon in Safari to be displayed even when the site's identity cannot be trusted.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.7%
CVSS Severity
CVSS v2 Score 2.6
References
- http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html
- http://secunia.com/advisories/22187
- http://securitytracker.com/id?1016952
- http://www.osvdb.org/29267
- http://www.securityfocus.com/bid/20271
- http://www.vupen.com/english/advisories/2006/3852
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29277
- http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html
- http://secunia.com/advisories/22187
- http://securitytracker.com/id?1016952
- http://www.osvdb.org/29267
- http://www.securityfocus.com/bid/20271
- http://www.vupen.com/english/advisories/2006/3852
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29277
Products affected by CVE-2006-4390
-
cpe:2.3:o:apple:mac_os_x:10.3.9
-
cpe:2.3:o:apple:mac_os_x:10.4
-
cpe:2.3:o:apple:mac_os_x:10.4.1
-
cpe:2.3:o:apple:mac_os_x:10.4.2
-
cpe:2.3:o:apple:mac_os_x:10.4.3
-
cpe:2.3:o:apple:mac_os_x:10.4.4
-
cpe:2.3:o:apple:mac_os_x:10.4.5
-
cpe:2.3:o:apple:mac_os_x:10.4.6
-
cpe:2.3:o:apple:mac_os_x:10.4.7