CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not properly validate certificates, which allows remote attackers to spoof trusted SSL certificates via a man-in-the-middle attack.
2007-11-15T01:46:00.000
2025-04-09T00:30:58.490
Deferred
CVSSv2: 6.8 (MEDIUM)
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.6
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | apple | mac_os_x | ≤ 10.4.10 | No |
| Operating System | apple | mac_os_x | 10.3.9 | No |
| Operating System | apple | mac_os_x | 10.4 | No |
| Operating System | apple | mac_os_x | 10.4.1 | Yes |
| Operating System | apple | mac_os_x | 10.4.2 | Yes |
| Operating System | apple | mac_os_x | 10.4.3 | Yes |
| Operating System | apple | mac_os_x | 10.4.4 | Yes |
| Operating System | apple | mac_os_x | 10.4.5 | Yes |
| Operating System | apple | mac_os_x | 10.4.6 | Yes |
| Operating System | apple | mac_os_x | 10.4.7 | Yes |
| Operating System | apple | mac_os_x | 10.4.8 | Yes |
| Operating System | apple | mac_os_x | 10.4.9 | Yes |
| Operating System | apple | mac_os_x_server | 10.3.9 | No |
| Operating System | apple | mac_os_x_server | 10.4 | No |
| Operating System | apple | mac_os_x_server | 10.4.1 | No |
| Operating System | apple | mac_os_x_server | 10.4.2 | No |
| Operating System | apple | mac_os_x_server | 10.4.3 | No |
| Operating System | apple | mac_os_x_server | 10.4.4 | No |
| Operating System | apple | mac_os_x_server | 10.4.5 | No |
| Operating System | apple | mac_os_x_server | 10.4.6 | No |
| Operating System | apple | mac_os_x_server | 10.4.7 | No |
| Operating System | apple | mac_os_x_server | 10.4.8 | No |
| Operating System | apple | mac_os_x_server | 10.4.9 | No |
| Operating System | apple | mac_os_x_server | 10.4.10 | No |