CVE-2011-0228
CVE-2011-0228
The Data Security component in Apple iOS before 4.2.10 and 4.3.x before 4.3.5 does not check the basicConstraints parameter during validation of X.509 certificate chains, which allows man-in-the-middle attackers to spoof an SSL server by using a non-CA certificate to sign a certificate for an arbitrary domain.
Productos afectados
n/a · n/a¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://lists.apple.com/archives/security-announce/2011//Jul/msg00004.htmlhttp://lists.apple.com/archives/security-announce/2011//Jul/msg00005.htmlhttp://secunia.com/advisories/45369http://securityreason.com/securityalert/8361http://securitytracker.com/id?1025837http://support.apple.com/kb/HT4824http://support.apple.com/kb/HT4825https://www.trustwave.com/spiderlabs/advisories/TWSL2011-007.txthttp://www.securityfocus.com/archive/1/518982/100/0/threadedhttp://www.securityfocus.com/bid/48877