CVE-2011-0214 — Apple Safari vulnerability

CWE-3102 documents2 sources

Severity

5.0MEDIUMNVD

EPSS

0.1%

top 71.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari

Timeline

PublishedJul 21

Latest updateMay 17

Description

CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDapple/safari5.0.5+55

Patches

Patch: lists.apple.com ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-wg73-763q-mvp2: CFNetwork in Apple Safari before 5↗2022-05-17

▶