Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-0214

CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority.

Published

2011-07-21T23:55:01.723

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-310

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apple	cfnetwork	*	Yes
Application	apple	safari	≤ 5.0.5	Yes
Application	apple	safari	1.0	Yes
Application	apple	safari	1.0	Yes
Application	apple	safari	1.0	Yes
Application	apple	safari	1.0.0	Yes
Application	apple	safari	1.0.0b1	Yes
Application	apple	safari	1.0.0b2	Yes
Application	apple	safari	1.0.1	Yes
Application	apple	safari	1.0.2	Yes
Application	apple	safari	1.0.3	Yes
Application	apple	safari	1.0.3	Yes
Application	apple	safari	1.0.3	Yes
Application	apple	safari	1.1	Yes
Application	apple	safari	1.1.0	Yes
Application	apple	safari	1.1.1	Yes
Application	apple	safari	1.2	Yes
Application	apple	safari	1.2.0	Yes
Application	apple	safari	1.2.1	Yes
Application	apple	safari	1.2.2	Yes
Application	apple	safari	1.2.3	Yes
Application	apple	safari	1.2.4	Yes
Application	apple	safari	1.2.5	Yes
Application	apple	safari	1.3	Yes
Application	apple	safari	1.3.0	Yes
Application	apple	safari	1.3.1	Yes
Application	apple	safari	1.3.2	Yes
Application	apple	safari	1.3.2	Yes
Application	apple	safari	1.3.2	Yes
Application	apple	safari	2	Yes
Application	apple	safari	2.0	Yes
Application	apple	safari	2.0.0	Yes
Application	apple	safari	2.0.1	Yes
Application	apple	safari	2.0.2	Yes
Application	apple	safari	2.0.3	Yes
Application	apple	safari	2.0.3	Yes
Application	apple	safari	2.0.3	Yes
Application	apple	safari	2.0.3	Yes
Application	apple	safari	2.0.3	Yes
Application	apple	safari	2.0.4	Yes
Application	apple	safari	3	Yes
Application	apple	safari	3.0	Yes
Application	apple	safari	3.0.0	Yes
Application	apple	safari	3.0.0b	Yes
Application	apple	safari	3.0.1	Yes
Application	apple	safari	3.0.1b	Yes
Application	apple	safari	3.0.2	Yes
Application	apple	safari	3.0.2b	Yes
Application	apple	safari	3.0.3	Yes
Application	apple	safari	3.0.3b	Yes
Application	apple	safari	3.0.4	Yes
Application	apple	safari	3.0.4b	Yes
Application	apple	safari	3.1.0	Yes
Application	apple	safari	3.1.0b	Yes
Application	apple	safari	3.1.1	Yes
Application	apple	safari	3.1.2	Yes
Application	apple	safari	3.2.0	Yes
Application	apple	safari	3.2.1	Yes
Application	apple	safari	3.2.2	Yes
Application	apple	safari	4.1	Yes
Application	apple	safari	4.1.1	Yes
Application	apple	safari	4.1.2	Yes
Application	apple	safari	5.0	Yes
Application	apple	safari	5.0.1	Yes
Application	apple	safari	5.0.2	Yes
Application	apple	safari	5.0.3	Yes
Application	apple	safari	5.0.4	Yes
Operating System	microsoft	windows_7	*	No
Operating System	microsoft	windows_vista	*	No
Operating System	microsoft	windows_xp	*	No
Operating System	microsoft	windows_xp	*	No

References

http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html Patch, Vendor Advisory ([email protected])
http://support.apple.com/kb/HT4808 ([email protected])
http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT4808 (af854a3a-2127-422b-91ae-364da2661108)