CVE-2015-6997

The X.509 certificate-trust implementation in Apple iOS before 9.1 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Information

Published : 2015-10-23 03:59

Updated : 2016-12-23 18:59


NVD link : CVE-2015-6997

Mitre link : CVE-2015-6997


JSON object : View

CWE
CWE-254

7PK - Security Features

Advertisement

dedicated server usa

Products Affected

apple

  • watchos
  • iphone_os