CVE-2011-3253

Severity CVSS v4.0:
Pending analysis
Type:
CWE-200 Information Leak / Disclosure
Publication date:
14/10/2011
Last modified:
11/04/2025

Description

CalDAV in Apple iOS before 5 does not validate X.509 certificates for SSL sessions, which allows man-in-the-middle attackers to spoof calendar servers and obtain sensitive information via an arbitrary certificate.

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:apple:iphone_os:3.0:-:iphone:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.1:-:iphone:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.1:-:ipodtouch:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.1.2:-:iphone:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.1.3:-:iphone:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.2:-:iphone:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.2:-:ipodtouch:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.2.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.2.1:-:ipad:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.2.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.0:-:iphone:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.0:-:ipodtouch:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:4.0.1:*:*:*:*:*:*:*