CVE-2006-4390

high

Description

CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication, which can cause the lock icon in Safari to be displayed even when the site's identity cannot be trusted.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/29277

http://www.vupen.com/english/advisories/2006/3852

http://www.securityfocus.com/bid/20271

http://www.osvdb.org/29267

http://securitytracker.com/id?1016952

http://secunia.com/advisories/22187

http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html

Details

Source: Mitre, NVD

Published: 2006-10-03

Updated: 2017-07-20

Risk Information

CVSS v2

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High