Vulnerability Description
The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Mac Os X | 10.4 |
References
- http://docs.info.apple.com/article.html?artnum=304829
- http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
- http://secunia.com/advisories/23155Vendor Advisory
- http://securitytracker.com/id?1017298
- http://www.kb.cert.org/vuls/id/811384US Government Resource
- http://www.osvdb.org/30729
- http://www.securityfocus.com/bid/21335
- http://www.us-cert.gov/cas/techalerts/TA06-333A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2006/4750
- http://docs.info.apple.com/article.html?artnum=304829
- http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
- http://secunia.com/advisories/23155Vendor Advisory
- http://securitytracker.com/id?1017298
- http://www.kb.cert.org/vuls/id/811384US Government Resource
- http://www.osvdb.org/30729
FAQ
What is CVE-2006-4409?
CVE-2006-4409 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which co...
How severe is CVE-2006-4409?
CVE-2006-4409 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4409?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X.