CVE-2011-0199 in Mac OS X
Summary
The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Reservation
12/23/2010
Disclosure
06/24/2011
Status
Confirmed
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exp | Cou | CVE |
|---|---|---|---|---|---|
| 57768 | Apple Mac OS X Certificate Trust Policy certificate validation | 295 | Not defined | Official fix | CVE-2011-0199 |