CVE-2011-3444

Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network.

Published: Feb 2, 2012
Updated: Apr 13, 2023
CVE: CVE-2011-3444
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-310

Affected Software
References

Software	From	Fixed in
apple / mac_os_x_server	-	10.7.2.x
apple / mac_os_x_server	10.7.1	10.7.1.x
apple / mac_os_x_server	10.7.0	10.7.0.x
apple / mac_os_x	10.7.0	10.7.0.x
apple / mac_os_x	-	10.7.2.x
apple / mac_os_x	10.7.1	10.7.1.x

http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://support.apple.com/kb/HT5130

Vulnerability Database

289,697

CVE-2011-3444