Lucene search
HistoryOct 23, 2015 - 10:59 a.m.
CVE-2015-6999
cve-2015-6999
ocsp client
apple ios
certificate expiry
remote attackers
spoofing
nvd
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
5.7 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
72.9%
The OCSP client in Apple iOS before 9.1 does not check for certificate expiry, which allows remote attackers to spoof a valid certificate by leveraging access to a revoked certificate.
Affected configurations
Node
appleiphone_osRange≤9.0.2
| CPE | Name | Operator | Version |
|---|---|---|---|
| apple:iphone_os | apple iphone os | le | 9.0.2 |
Related
prion
prion
Design/Logic Flaw
2015-10-23 10:59:00
cvelist
cvelist
CVE-2015-6999
2015-10-23 10:00:00
nvd
nvd
CVE-2015-6999
2015-10-23 10:59:08
nessus
nessus
Apple iOS < 9.1 Multiple Vulnerabilities
2016-05-26 00:00:00
Apple iOS < 9.1 Multiple Vulnerabilities
2015-10-23 00:00:00
securityvulns
securityvulns
APPLE-SA-2015-10-21-1 iOS 9.1
2015-10-25 00:00:00
Apple iOS multiple security vulnerabilities
2015-10-25 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
5.7 Medium
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
72.9%
Related for CVE-2015-6999