CVE-2009-0161: Improper Input Validation in Apple Mac OS X

Severity
6.4 MEDIUM (NVD)
EPSS
0.3%
top 51.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: May 13
Latest update: May 2

Description

The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked certificate.

CVSS vector

AV:N/AC:L/C:N/I:P/A:P
Exploitability: 10.0 | Impact: 4.9

Affected Packages: 2 packages

NVD: apple/mac_os_x (7 versions)
NVD: apple/mac_os_x_server (7 versions)

Patches

🔴Vulnerability Details

2
GHSA
GHSA-7c3q-2h3j-w943: The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10 (2022-05-02)
CVEList
CVE-2009-0161: The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10 (2009-05-13)

📋Vendor Advisories

1
Red Hat
kernel: tty->pgrp races (2009-12-17)

📐Framework References

1
CWE
Improper Check for Certificate Revocation