Vulnerability Details CVE-2006-4409
The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.6%
CVSS Severity
CVSS v2 Score 5.0
References
- http://docs.info.apple.com/article.html?artnum=304829
- http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
- http://secunia.com/advisories/23155
- http://securitytracker.com/id?1017298
- http://www.kb.cert.org/vuls/id/811384
- http://www.osvdb.org/30729
- http://www.securityfocus.com/bid/21335
- http://www.us-cert.gov/cas/techalerts/TA06-333A.html
- http://www.vupen.com/english/advisories/2006/4750
- http://docs.info.apple.com/article.html?artnum=304829
- http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
- http://secunia.com/advisories/23155
- http://securitytracker.com/id?1017298
- http://www.kb.cert.org/vuls/id/811384
- http://www.osvdb.org/30729
- http://www.securityfocus.com/bid/21335
- http://www.us-cert.gov/cas/techalerts/TA06-333A.html
- http://www.vupen.com/english/advisories/2006/4750
Products affected by CVE-2006-4409
-
cpe:2.3:o:apple:mac_os_x:10.4
-
cpe:2.3:o:apple:mac_os_x:10.4.1
-
cpe:2.3:o:apple:mac_os_x:10.4.2
-
cpe:2.3:o:apple:mac_os_x:10.4.3
-
cpe:2.3:o:apple:mac_os_x:10.4.4
-
cpe:2.3:o:apple:mac_os_x:10.4.5
-
cpe:2.3:o:apple:mac_os_x:10.4.6
-
cpe:2.3:o:apple:mac_os_x:10.4.7
-
cpe:2.3:o:apple:mac_os_x:10.4.8