2.6
CVSSv2

CVE-2011-3427

Published: 14/10/2011 Updated: 29/08/2017
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 242
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N

Vulnerability Summary

The Data Security component in Apple iOS prior to 5 and Apple TV prior to 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.

Affected Products

Vendor Product Versions
AppleApple Tv4.0, 4.1, 4.2, 4.3
AppleIphone Os3.0, 3.1, 3.1.2, 3.1.3, 3.2, 3.2.1, 3.2.2, 4.0, 4.0.1, 4.0.2, 4.1, 4.2.1, 4.2.5, 4.2.8, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.5