The Certificate Trust Policy component in Apple Mac OS X prior to 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle malicious users to spoof an SSL server via a revoked certificate.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apple mac os x server |
||
apple mac os x |