Vulnerability-Lookup

CVE-2011-3427 (GCVE-0-2011-3427)

Vulnerability from cvelistv5 – Published: 2011-10-14 10:00 – Updated: 2024-08-06 23:37

Summary

The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.

Severity ?

No CVSS data available.

CWE

Assigner

apple

References

URL

Tags

	http://lists.apple.com/archives/Security-announce…	vendor-advisoryx_refsource_APPLE
	http://osvdb.org/76326	vdb-entryx_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://support.apple.com/kb/HT4999	x_refsource_CONFIRM
	http://support.apple.com/kb/HT5001	x_refsource_CONFIRM
	http://lists.apple.com/archives/Security-announce…	vendor-advisoryx_refsource_APPLE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:37:47.571Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "APPLE-SA-2011-10-12-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
          },
          {
            "name": "76326",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/76326"
          },
          {
            "name": "appleios-appletv-x509-spoofing(70547)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70547"
          },
          {
            "name": "APPLE-SA-2013-10-22-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4999"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5001"
          },
          {
            "name": "APPLE-SA-2011-10-12-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-10-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "name": "APPLE-SA-2011-10-12-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
        },
        {
          "name": "76326",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/76326"
        },
        {
          "name": "appleios-appletv-x509-spoofing(70547)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70547"
        },
        {
          "name": "APPLE-SA-2013-10-22-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4999"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5001"
        },
        {
          "name": "APPLE-SA-2011-10-12-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2011-3427",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2011-10-12-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
            },
            {
              "name": "76326",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/76326"
            },
            {
              "name": "appleios-appletv-x509-spoofing(70547)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70547"
            },
            {
              "name": "APPLE-SA-2013-10-22-3",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
            },
            {
              "name": "http://support.apple.com/kb/HT4999",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4999"
            },
            {
              "name": "http://support.apple.com/kb/HT5001",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5001"
            },
            {
              "name": "APPLE-SA-2011-10-12-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2011-3427",
    "datePublished": "2011-10-14T10:00:00.000Z",
    "dateReserved": "2011-09-13T00:00:00.000Z",
    "dateUpdated": "2024-08-06T23:37:47.571Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-Q64W-J52M-R9M5

Vulnerability from github – Published: 2022-05-17 01:53 – Updated: 2022-05-17 01:53

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-3427"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-10-14T10:55:00Z",
    "severity": "LOW"
  },
  "details": "The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.",
  "id": "GHSA-q64w-j52m-r9m5",
  "modified": "2022-05-17T01:53:22Z",
  "published": "2022-05-17T01:53:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3427"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70547"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/76326"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4999"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT5001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2011-AVI-567

Vulnerability from certfr_avis - Published: 2011-10-13 - Updated: 2011-10-13

De nombreuses vulnérabilités ont été corrigées dans Apple iOS pour iPhone, iPad et iPod touch dont certaines permettent une exécution de code arbitraire à distance.

Description

De nombreuses vulnérabilités ont été corrigées dans Apple iOS pour iPhone, iPad et iPod touch. Certaines permettent à une personne malintentionnée d'exécuter du code arbitraire à distance ou de récupérer le mot de passe du compte «Apple ID» utilisé. Les composants suivants ont été mise à jour :

CalDAV ;
Calendar ;
CFNetwork ;
CoreFoundation ;
CoreGraphics ;
CoreMedia ;
ImageIO ;
International Components for Unicode ;
Kernel ;
Keyboards ;
libxml ;
OfficeImport ;
Safari ;
Settings ;
UIKit ;
WebKit ;
WiFi.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	iPod touch avec iOS versions 4.3.5 et antérieures.
Apple	N/A	iPhone 4 et 3GS avec iOS versions 4.3.5 et antérieures ;
Apple	N/A	iPad avec iOS versions 4.3.5 et antérieures ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4999 du 12 octobre 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "iPod touch avec iOS versions 4.3.5 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPhone 4 et 3GS avec iOS versions 4.3.5 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPad avec iOS versions 4.3.5 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Apple iOS pour\niPhone, iPad et iPod touch. Certaines permettent \u00e0 une personne\nmalintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance ou de r\u00e9cup\u00e9rer\nle mot de passe du compte \u00abApple ID\u00bb utilis\u00e9. Les composants suivants\nont \u00e9t\u00e9 mise \u00e0 jour\u00a0:\n\n-   CalDAV\u00a0;\n-   Calendar\u00a0;\n-   CFNetwork\u00a0;\n-   CoreFoundation\u00a0;\n-   CoreGraphics\u00a0;\n-   CoreMedia\u00a0;\n-   ImageIO\u00a0;\n-   International Components for Unicode\u00a0;\n-   Kernel\u00a0;\n-   Keyboards\u00a0;\n-   libxml\u00a0;\n-   OfficeImport\u00a0;\n-   Safari\u00a0;\n-   Settings\u00a0;\n-   UIKit\u00a0;\n-   WebKit\u00a0;\n-   WiFi.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1204"
    },
    {
      "name": "CVE-2011-1117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1117"
    },
    {
      "name": "CVE-2011-0187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0187"
    },
    {
      "name": "CVE-2011-0983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0983"
    },
    {
      "name": "CVE-2011-0259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0259"
    },
    {
      "name": "CVE-2011-2814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2814"
    },
    {
      "name": "CVE-2011-0208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0208"
    },
    {
      "name": "CVE-2011-0192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0192"
    },
    {
      "name": "CVE-2011-2823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2823"
    },
    {
      "name": "CVE-2011-2813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2813"
    },
    {
      "name": "CVE-2011-2359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2359"
    },
    {
      "name": "CVE-2011-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
    },
    {
      "name": "CVE-2011-2788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2788"
    },
    {
      "name": "CVE-2011-1774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1774"
    },
    {
      "name": "CVE-2011-2819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2819"
    },
    {
      "name": "CVE-2011-2799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2799"
    },
    {
      "name": "CVE-2011-2341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2341"
    },
    {
      "name": "CVE-2011-0255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0255"
    },
    {
      "name": "CVE-2011-1190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1190"
    },
    {
      "name": "CVE-2011-3256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3256"
    },
    {
      "name": "CVE-2011-1188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1188"
    },
    {
      "name": "CVE-2011-0233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0233"
    },
    {
      "name": "CVE-2011-1115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1115"
    },
    {
      "name": "CVE-2011-1296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1296"
    },
    {
      "name": "CVE-2011-2351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2351"
    },
    {
      "name": "CVE-2011-2827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2827"
    },
    {
      "name": "CVE-2011-3432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3432"
    },
    {
      "name": "CVE-2011-0981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0981"
    },
    {
      "name": "CVE-2011-3254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3254"
    },
    {
      "name": "CVE-2011-0254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0254"
    },
    {
      "name": "CVE-2011-2831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2831"
    },
    {
      "name": "CVE-2011-0238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0238"
    },
    {
      "name": "CVE-2011-2800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2800"
    },
    {
      "name": "CVE-2011-1295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1295"
    },
    {
      "name": "CVE-2011-3434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3434"
    },
    {
      "name": "CVE-2011-0222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0222"
    },
    {
      "name": "CVE-2011-1121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1121"
    },
    {
      "name": "CVE-2011-1797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1797"
    },
    {
      "name": "CVE-2011-2817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2817"
    },
    {
      "name": "CVE-2011-0206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0206"
    },
    {
      "name": "CVE-2011-1451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1451"
    },
    {
      "name": "CVE-2011-2790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2790"
    },
    {
      "name": "CVE-2011-3243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3243"
    },
    {
      "name": "CVE-2011-3235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3235"
    },
    {
      "name": "CVE-2011-3237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3237"
    },
    {
      "name": "CVE-2011-3255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3255"
    },
    {
      "name": "CVE-2011-2805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2805"
    },
    {
      "name": "CVE-2011-0232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0232"
    },
    {
      "name": "CVE-2011-2356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2356"
    },
    {
      "name": "CVE-2011-3246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3246"
    },
    {
      "name": "CVE-2011-2797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2797"
    },
    {
      "name": "CVE-2011-2339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2339"
    },
    {
      "name": "CVE-2011-1288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1288"
    },
    {
      "name": "CVE-2011-1132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1132"
    },
    {
      "name": "CVE-2011-0241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0241"
    },
    {
      "name": "CVE-2011-1203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1203"
    },
    {
      "name": "CVE-2011-3245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3245"
    },
    {
      "name": "CVE-2011-0242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0242"
    },
    {
      "name": "CVE-2011-2809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2809"
    },
    {
      "name": "CVE-2011-3261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3261"
    },
    {
      "name": "CVE-2011-1293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1293"
    },
    {
      "name": "CVE-2011-3234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3234"
    },
    {
      "name": "CVE-2011-2338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2338"
    },
    {
      "name": "CVE-2011-3429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3429"
    },
    {
      "name": "CVE-2011-0184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0184"
    },
    {
      "name": "CVE-2011-3431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3431"
    },
    {
      "name": "CVE-2011-2792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2792"
    },
    {
      "name": "CVE-2011-0234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0234"
    },
    {
      "name": "CVE-2011-1449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1449"
    },
    {
      "name": "CVE-2011-3430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3430"
    },
    {
      "name": "CVE-2011-3259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3259"
    },
    {
      "name": "CVE-2011-2818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2818"
    },
    {
      "name": "CVE-2011-1457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1457"
    },
    {
      "name": "CVE-2011-0235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0235"
    },
    {
      "name": "CVE-2011-0225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0225"
    },
    {
      "name": "CVE-2011-3236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3236"
    },
    {
      "name": "CVE-2011-1114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1114"
    },
    {
      "name": "CVE-2011-3427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3427"
    },
    {
      "name": "CVE-2011-0166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0166"
    },
    {
      "name": "CVE-2011-2820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2820"
    },
    {
      "name": "CVE-2011-1109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1109"
    },
    {
      "name": "CVE-2011-0221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0221"
    },
    {
      "name": "CVE-2011-2354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2354"
    },
    {
      "name": "CVE-2011-2816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2816"
    },
    {
      "name": "CVE-2011-2352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2352"
    },
    {
      "name": "CVE-2011-1462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1462"
    },
    {
      "name": "CVE-2011-1453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1453"
    },
    {
      "name": "CVE-2011-0218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0218"
    },
    {
      "name": "CVE-2011-3257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3257"
    },
    {
      "name": "CVE-2011-3244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3244"
    },
    {
      "name": "CVE-2011-1107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1107"
    },
    {
      "name": "CVE-2011-3389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3389"
    },
    {
      "name": "CVE-2011-3426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3426"
    },
    {
      "name": "CVE-2011-3260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3260"
    },
    {
      "name": "CVE-2011-3232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3232"
    },
    {
      "name": "CVE-2011-3253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3253"
    }
  ],
  "initial_release_date": "2011-10-13T00:00:00",
  "last_revision_date": "2011-10-13T00:00:00",
  "links": [],
  "reference": "CERTA-2011-AVI-567",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-10-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Apple iOS pour\niPhone, iPad et iPod touch dont certaines permettent une ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Apple iOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4999 du 12 octobre 2011",
      "url": "http://support.apple.com/kb/HT4999"
    }
  ]
}

CERTA-2013-AVI-601

Vulnerability from certfr_avis - Published: 2013-10-24 - Updated: 2013-10-24

De multiples vulnérabilités ont été corrigées dans Apple OS X Mavericks. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un contournement de la politique de sécurité et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions antérieures à OS X Mavericks v10.9

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT6011 du 22 octobre 2013

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 OS X Mavericks v10.9\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2013-5188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5188"
    },
    {
      "name": "CVE-2013-4073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4073"
    },
    {
      "name": "CVE-2013-0249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0249"
    },
    {
      "name": "CVE-2013-5190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5190"
    },
    {
      "name": "CVE-2013-1667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1667"
    },
    {
      "name": "CVE-2013-5167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5167"
    },
    {
      "name": "CVE-2013-5172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5172"
    },
    {
      "name": "CVE-2013-1944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1944"
    },
    {
      "name": "CVE-2013-5182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5182"
    },
    {
      "name": "CVE-2013-5191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5191"
    },
    {
      "name": "CVE-2013-5175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5175"
    },
    {
      "name": "CVE-2013-3954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3954"
    },
    {
      "name": "CVE-2012-1150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1150"
    },
    {
      "name": "CVE-2013-5174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5174"
    },
    {
      "name": "CVE-2013-5186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5186"
    },
    {
      "name": "CVE-2013-5176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5176"
    },
    {
      "name": "CVE-2013-5170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5170"
    },
    {
      "name": "CVE-2012-0876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0876"
    },
    {
      "name": "CVE-2013-5135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5135"
    },
    {
      "name": "CVE-2013-5187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5187"
    },
    {
      "name": "CVE-2013-5192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5192"
    },
    {
      "name": "CVE-2013-5184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5184"
    },
    {
      "name": "CVE-2012-0845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0845"
    },
    {
      "name": "CVE-2013-5185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5185"
    },
    {
      "name": "CVE-2013-5183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5183"
    },
    {
      "name": "CVE-2013-5168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5168"
    },
    {
      "name": "CVE-2013-5145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5145"
    },
    {
      "name": "CVE-2013-5173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5173"
    },
    {
      "name": "CVE-2013-5142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5142"
    },
    {
      "name": "CVE-2013-5166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5166"
    },
    {
      "name": "CVE-2013-5169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5169"
    },
    {
      "name": "CVE-2013-5189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5189"
    },
    {
      "name": "CVE-2013-5177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5177"
    },
    {
      "name": "CVE-2013-5141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5141"
    },
    {
      "name": "CVE-2013-5139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5139"
    },
    {
      "name": "CVE-2013-3950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-3950"
    },
    {
      "name": "CVE-2013-5180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5180"
    },
    {
      "name": "CVE-2013-5171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5171"
    },
    {
      "name": "CVE-2013-5181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5181"
    },
    {
      "name": "CVE-2013-5165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5165"
    },
    {
      "name": "CVE-2011-3427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3427"
    },
    {
      "name": "CVE-2011-4944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4944"
    },
    {
      "name": "CVE-2013-5179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5179"
    },
    {
      "name": "CVE-2013-5138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5138"
    },
    {
      "name": "CVE-2011-2391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2391"
    },
    {
      "name": "CVE-2011-3389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3389"
    },
    {
      "name": "CVE-2013-5178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5178"
    }
  ],
  "initial_release_date": "2013-10-24T00:00:00",
  "last_revision_date": "2013-10-24T00:00:00",
  "links": [],
  "reference": "CERTA-2013-AVI-601",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2013-10-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple OS X Mavericks\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire, un\ncontournement de la politique de s\u00e9curit\u00e9 et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple OS X Mavericks",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT6011 du 22 octobre 2013",
      "url": "http://support.apple.com/kb/HT6011"
    }
  ]
}

GSD-2011-3427

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2011-3427

Aliases

CVE-2011-3427

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2011-3427",
    "description": "The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.",
    "id": "GSD-2011-3427"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2011-3427"
      ],
      "details": "The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.",
      "id": "GSD-2011-3427",
      "modified": "2023-12-13T01:19:09.716354Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2011-3427",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "APPLE-SA-2011-10-12-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
          },
          {
            "name": "76326",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/76326"
          },
          {
            "name": "appleios-appletv-x509-spoofing(70547)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70547"
          },
          {
            "name": "APPLE-SA-2013-10-22-3",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
          },
          {
            "name": "http://support.apple.com/kb/HT4999",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT4999"
          },
          {
            "name": "http://support.apple.com/kb/HT5001",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT5001"
          },
          {
            "name": "APPLE-SA-2011-10-12-2",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:apple_tv:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:apple_tv:4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:apple_tv:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:apple_tv:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0:-:iphone:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.2.1:-:ipad:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.5:-:ipodtouch:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0:-:ipodtouch:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.2:-:ipodtouch:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.2:-:iphone:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.0:-:iphone:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1.3:-:iphone:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1.2:-:iphone:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0.1:-:ipodtouch:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.0.1:-:iphone:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1:-:ipodtouch:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:3.1:-:iphone:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:4.3.5:-:ipad:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2011-3427"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://support.apple.com/kb/HT4999",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT4999"
            },
            {
              "name": "http://support.apple.com/kb/HT5001",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT5001"
            },
            {
              "name": "APPLE-SA-2011-10-12-2",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html"
            },
            {
              "name": "APPLE-SA-2011-10-12-1",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
            },
            {
              "name": "76326",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/76326"
            },
            {
              "name": "APPLE-SA-2013-10-22-3",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
            },
            {
              "name": "appleios-appletv-x509-spoofing(70547)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70547"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-29T01:30Z",
      "publishedDate": "2011-10-14T10:55Z"
    }
  }
}

FKIE_CVE-2011-3427

Vulnerability from fkie_nvd - Published: 2011-10-14 10:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html	Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html	Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
product-security@apple.com	http://osvdb.org/76326
product-security@apple.com	http://support.apple.com/kb/HT4999	Vendor Advisory
product-security@apple.com	http://support.apple.com/kb/HT5001	Vendor Advisory
product-security@apple.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/70547
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/76326
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4999	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT5001	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/70547

Impacted products

Vendor	Product	Version
apple	apple_tv	4.0
apple	apple_tv	4.1
apple	apple_tv	4.2
apple	apple_tv	4.3
apple	iphone_os	3.0
apple	iphone_os	3.1
apple	iphone_os	3.1
apple	iphone_os	3.1
apple	iphone_os	3.1.2
apple	iphone_os	3.1.3
apple	iphone_os	3.2
apple	iphone_os	3.2
apple	iphone_os	3.2.1
apple	iphone_os	3.2.1
apple	iphone_os	3.2.2
apple	iphone_os	4.0
apple	iphone_os	4.0
apple	iphone_os	4.0
apple	iphone_os	4.0.1
apple	iphone_os	4.0.1
apple	iphone_os	4.0.1
apple	iphone_os	4.0.2
apple	iphone_os	4.1
apple	iphone_os	4.2.1
apple	iphone_os	4.2.5
apple	iphone_os	4.2.8
apple	iphone_os	4.3.0
apple	iphone_os	4.3.1
apple	iphone_os	4.3.2
apple	iphone_os	4.3.3
apple	iphone_os	4.3.5
apple	iphone_os	4.3.5
apple	iphone_os	4.3.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:apple_tv:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51F89929-2308-44C8-B7EE-D83BDC84A805",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:apple_tv:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "97FCC213-4F8E-4DCB-B8F1-A8555A0858BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:apple_tv:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8C6F634-8586-412B-9939-3D9ACD601B90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:apple_tv:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "051C458D-4CA5-42E7-9846-5912E4B42769",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.0:-:iphone:*:*:*:*:*",
              "matchCriteriaId": "A066B59B-D5C8-4AA8-9CC7-5D34F4AB88AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "51D3BE2B-5A01-4AD4-A436-0056B50A535D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.1:-:iphone:*:*:*:*:*",
              "matchCriteriaId": "E357722F-4976-4E47-BFB5-709480BAE267",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.1:-:ipodtouch:*:*:*:*:*",
              "matchCriteriaId": "F43A6FEC-ECA9-44A4-AD00-FDC6F3990DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.1.2:-:iphone:*:*:*:*:*",
              "matchCriteriaId": "7CA92907-90C9-4BD6-8EE8-8FA6298C3D0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.1.3:-:iphone:*:*:*:*:*",
              "matchCriteriaId": "220590DA-2B6A-4FC9-B456-3053EED9D96E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.2:-:iphone:*:*:*:*:*",
              "matchCriteriaId": "3FE3CDE8-6497-445E-A845-8A1C2A4EDEB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.2:-:ipodtouch:*:*:*:*:*",
              "matchCriteriaId": "9E4D3134-28BC-4C30-A9B0-559338FBBDFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A939B80-0AD0-48AF-81A7-370716F56639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.2.1:-:ipad:*:*:*:*:*",
              "matchCriteriaId": "98C41674-370B-4CF0-817B-3843D93A10DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D28528CE-4943-4F82-80C0-A629DA3E6702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "12E22AF0-2B66-425A-A1EE-4F0E3B0433E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.0:-:iphone:*:*:*:*:*",
              "matchCriteriaId": "954CDDCB-AC22-448D-8ECA-CFA4DBA1BC27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.0:-:ipodtouch:*:*:*:*:*",
              "matchCriteriaId": "54FECD66-4216-43FC-9959-B8EA9545449C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB34ECBE-33E8-40E1-936B-7800D2525AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.0.1:-:iphone:*:*:*:*:*",
              "matchCriteriaId": "ECE983F6-A597-4581-A254-80396B54F2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.0.1:-:ipodtouch:*:*:*:*:*",
              "matchCriteriaId": "586C0CB3-98E5-4CB3-8F23-27F01233D6C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "107C59BE-D8CF-4A17-8DFB-BED2AB12388D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "36C86BB9-0328-4E34-BC2B-47B3471EC262",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A54A8681-2D8A-4B0B-A947-82F3CE1FB03C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0070D83-2E27-4DA8-8D10-A6A697216F36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C9ACA63-4528-4090-B1EA-1FE57A6B0555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7252935C-E421-4339-B61F-0299E28888DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DD342BF-096A-4082-B700-19629F2BDE87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "93141AB6-26F2-4C6D-95B3-D383EABB4034",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D5C61FF-7CD3-410A-94F2-5DE701466B1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "28A01C87-B02A-4239-8340-B396D0E6B21C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.3.5:-:ipad:*:*:*:*:*",
              "matchCriteriaId": "396634C5-774C-4131-B927-3CAD239EF0B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:4.3.5:-:ipodtouch:*:*:*:*:*",
              "matchCriteriaId": "64FF0F29-B3C2-4BDC-89FF-DBEDE87D64A4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate."
    },
    {
      "lang": "es",
      "value": "El componente Data Security en Apple iOS anterior a v5 y Apple TV anterior a v4.4 no  restringe correctamente el uso del algoritmo de hash MD5 en los certificados X.509, lo que hace que sea m\u00e1s f\u00e1cil para atacante de \"hombre en medio\" falsificar servidores u obtener informaci\u00f3n sensible a trav\u00e9s de un certificado especialmente dise\u00f1ado."
    }
  ],
  "id": "CVE-2011-3427",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-10-14T10:55:10.683",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://osvdb.org/76326"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4999"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT5001"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70547"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/76326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4999"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT5001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70547"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-3427 (GCVE-0-2011-3427)

GHSA-Q64W-J52M-R9M5

CERTA-2011-AVI-567

Description

Solution

CERTA-2013-AVI-601

Solution

GSD-2011-3427

FKIE_CVE-2011-3427

Tags

Sightings

Nomenclature