CVE-2011-3427Sensitive Information Exposure in Apple TV

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
2.6LOWNVD
EPSS
0.3%
top 48.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple TVApple Iphone OS
Timeline
PublishedOct 14
Latest updateMay 17

Description

The Data Security component in Apple iOS before 5 and Apple TV before 4.4 does not properly restrict use of the MD5 hash algorithm within X.509 certificates, which makes it easier for man-in-the-middle attackers to spoof servers or obtain sensitive information via a crafted certificate.

CVSS vector

AV:N/AC:H/C:P/I:N/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages2 packages

NVDapple/apple_tv4 versions+3
NVDapple/iphone_os19 versions+18

🔴Vulnerability Details

2
GHSA
GHSA-q64w-j52m-r9m5: The Data Security component in Apple iOS before 5 and Apple TV before 42022-05-17
CVEList
CVE-2011-3427: The Data Security component in Apple iOS before 5 and Apple TV before 42011-10-14
CVE-2011-3427 — Sensitive Information Exposure in Apple | cvebase