Lucene search

AppleCVE-2011-0214

HistoryJul 21, 2011 - 11:55 p.m.

CVE-2011-0214

2011-07-2123:55:01

CWE-310

apple

web.nvd.nist.gov

apple

safari

ssl

bypass

vulnerability

cfnetwork

windows

cve-2011-0214

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

30.2%

JSON

CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority.

Affected configurations

Nvd

Node

applecfnetwork

applesafariRange≤5.0.5

applesafariMatch1.0

applesafariMatch1.0beta

applesafariMatch1.0beta2

applesafariMatch1.0.0

applesafariMatch1.0.0b1

applesafariMatch1.0.0b2

applesafariMatch1.0.1

applesafariMatch1.0.2

applesafariMatch1.0.3

applesafariMatch1.0.385.8

applesafariMatch1.0.385.8.1

applesafariMatch1.1

applesafariMatch1.1.0

applesafariMatch1.1.1

applesafariMatch1.2

applesafariMatch1.2.0

applesafariMatch1.2.1

applesafariMatch1.2.2

applesafariMatch1.2.3

applesafariMatch1.2.4

applesafariMatch1.2.5

applesafariMatch1.3

applesafariMatch1.3.0

applesafariMatch1.3.1

applesafariMatch1.3.2

applesafariMatch1.3.2312.5

applesafariMatch1.3.2312.6

applesafariMatch2

applesafariMatch2.0

applesafariMatch2.0.0

applesafariMatch2.0.1

applesafariMatch2.0.2

applesafariMatch2.0.3

applesafariMatch2.0.3417.8

applesafariMatch2.0.3417.9

applesafariMatch2.0.3417.9.2

applesafariMatch2.0.3417.9.3

applesafariMatch2.0.4

applesafariMatch3

applesafariMatch3.0

applesafariMatch3.0.0

applesafariMatch3.0.0b

applesafariMatch3.0.1

applesafariMatch3.0.1b

applesafariMatch3.0.2

applesafariMatch3.0.2b

applesafariMatch3.0.3

applesafariMatch3.0.3b

applesafariMatch3.0.4

applesafariMatch3.0.4b

applesafariMatch3.1.0

applesafariMatch3.1.0b

applesafariMatch3.1.1

applesafariMatch3.1.2

applesafariMatch3.2.0

applesafariMatch3.2.1

applesafariMatch3.2.2

applesafariMatch4.1

applesafariMatch4.1.1

applesafariMatch4.1.2

applesafariMatch5.0

applesafariMatch5.0.1

applesafariMatch5.0.2

applesafariMatch5.0.3

applesafariMatch5.0.4

AND

microsoftwindows_7

microsoftwindows_vista

microsoftwindows_xpsp2

microsoftwindows_xpsp3

VendorProductVersionCPE
applecfnetwork*cpe:2.3:a:apple:cfnetwork:*:*:*:*:*:*:*:*
applesafari*cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
applesafari1.0cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*
applesafari1.0cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:*
applesafari1.0cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:*
applesafari1.0.0cpe:2.3:a:apple:safari:1.0.0:*:*:*:*:*:*:*
applesafari1.0.0b1cpe:2.3:a:apple:safari:1.0.0b1:*:*:*:*:*:*:*
applesafari1.0.0b2cpe:2.3:a:apple:safari:1.0.0b2:*:*:*:*:*:*:*
applesafari1.0.1cpe:2.3:a:apple:safari:1.0.1:*:*:*:*:*:*:*
applesafari1.0.2cpe:2.3:a:apple:safari:1.0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	cfnetwork	*	cpe:2.3:a:apple:cfnetwork::::::::
apple	safari	*	cpe:2.3:a:apple:safari::::::::
apple	safari	1.0	cpe:2.3:a:apple:safari:1.0:::::::*
apple	safari	1.0	cpe:2.3:a:apple:safari:1.0:beta::::::
apple	safari	1.0	cpe:2.3:a:apple:safari:1.0:beta2::::::
apple	safari	1.0.0	cpe:2.3:a:apple:safari:1.0.0:::::::*
apple	safari	1.0.0b1	cpe:2.3:a:apple:safari:1.0.0b1:::::::*
apple	safari	1.0.0b2	cpe:2.3:a:apple:safari:1.0.0b2:::::::*
apple	safari	1.0.1	cpe:2.3:a:apple:safari:1.0.1:::::::*
apple	safari	1.0.2	cpe:2.3:a:apple:safari:1.0.2:::::::*