CVE-2006-4409 | Vulnerability Database | Aqua Security

The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked.

Affected Software

Name	Vendor	Start Version	End Version
Mac_os_x	Apple	10.4 (including)	10.4 (including)
Mac_os_x	Apple	10.4.1 (including)	10.4.1 (including)
Mac_os_x	Apple	10.4.2 (including)	10.4.2 (including)
Mac_os_x	Apple	10.4.3 (including)	10.4.3 (including)
Mac_os_x	Apple	10.4.4 (including)	10.4.4 (including)
Mac_os_x	Apple	10.4.5 (including)	10.4.5 (including)
Mac_os_x	Apple	10.4.6 (including)	10.4.6 (including)
Mac_os_x	Apple	10.4.7 (including)	10.4.7 (including)
Mac_os_x	Apple	10.4.8 (including)	10.4.8 (including)

References

http://docs.info.apple.com/article.html?artnum=304829
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
http://secunia.com/advisories/23155
http://securitytracker.com/id?1017298
http://www.kb.cert.org/vuls/id/811384
http://www.osvdb.org/30729
http://www.securityfocus.com/bid/21335
http://www.us-cert.gov/cas/techalerts/TA06-333A.html
http://www.vupen.com/english/advisories/2006/4750

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-4409
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html