CVE-2011-0214

CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority.

Affected Software

Name	Vendor	Start Version	End Version
Cfnetwork	Apple	*	*
Safari	Apple	*	5.0.5 (including)
Safari	Apple	1.0 (including)	1.0 (including)
Safari	Apple	1.0-beta (including)	1.0-beta (including)
Safari	Apple	1.0-beta2 (including)	1.0-beta2 (including)
Safari	Apple	1.0.0 (including)	1.0.0 (including)
Safari	Apple	1.0.0b1 (including)	1.0.0b1 (including)
Safari	Apple	1.0.0b2 (including)	1.0.0b2 (including)
Safari	Apple	1.0.1 (including)	1.0.1 (including)
Safari	Apple	1.0.2 (including)	1.0.2 (including)
Safari	Apple	1.0.3 (including)	1.0.3 (including)
Safari	Apple	1.0.3-85.8 (including)	1.0.3-85.8 (including)
Safari	Apple	1.0.3-85.8.1 (including)	1.0.3-85.8.1 (including)
Safari	Apple	1.1 (including)	1.1 (including)
Safari	Apple	1.1.0 (including)	1.1.0 (including)
Safari	Apple	1.1.1 (including)	1.1.1 (including)
Safari	Apple	1.2 (including)	1.2 (including)
Safari	Apple	1.2.0 (including)	1.2.0 (including)
Safari	Apple	1.2.1 (including)	1.2.1 (including)
Safari	Apple	1.2.2 (including)	1.2.2 (including)
Safari	Apple	1.2.3 (including)	1.2.3 (including)
Safari	Apple	1.2.4 (including)	1.2.4 (including)
Safari	Apple	1.2.5 (including)	1.2.5 (including)
Safari	Apple	1.3 (including)	1.3 (including)
Safari	Apple	1.3.0 (including)	1.3.0 (including)
Safari	Apple	1.3.1 (including)	1.3.1 (including)
Safari	Apple	1.3.2 (including)	1.3.2 (including)
Safari	Apple	1.3.2-312.5 (including)	1.3.2-312.5 (including)
Safari	Apple	1.3.2-312.6 (including)	1.3.2-312.6 (including)
Safari	Apple	2 (including)	2 (including)
Safari	Apple	2.0 (including)	2.0 (including)
Safari	Apple	2.0.0 (including)	2.0.0 (including)
Safari	Apple	2.0.1 (including)	2.0.1 (including)
Safari	Apple	2.0.2 (including)	2.0.2 (including)
Safari	Apple	2.0.3 (including)	2.0.3 (including)
Safari	Apple	2.0.3-417.8 (including)	2.0.3-417.8 (including)
Safari	Apple	2.0.3-417.9 (including)	2.0.3-417.9 (including)
Safari	Apple	2.0.3-417.9.2 (including)	2.0.3-417.9.2 (including)
Safari	Apple	2.0.3-417.9.3 (including)	2.0.3-417.9.3 (including)
Safari	Apple	2.0.4 (including)	2.0.4 (including)
Safari	Apple	3 (including)	3 (including)
Safari	Apple	3.0 (including)	3.0 (including)
Safari	Apple	3.0.0 (including)	3.0.0 (including)
Safari	Apple	3.0.0b (including)	3.0.0b (including)
Safari	Apple	3.0.1 (including)	3.0.1 (including)
Safari	Apple	3.0.1b (including)	3.0.1b (including)
Safari	Apple	3.0.2 (including)	3.0.2 (including)
Safari	Apple	3.0.2b (including)	3.0.2b (including)
Safari	Apple	3.0.3 (including)	3.0.3 (including)
Safari	Apple	3.0.3b (including)	3.0.3b (including)
Safari	Apple	3.0.4 (including)	3.0.4 (including)
Safari	Apple	3.0.4b (including)	3.0.4b (including)
Safari	Apple	3.1.0 (including)	3.1.0 (including)
Safari	Apple	3.1.0b (including)	3.1.0b (including)
Safari	Apple	3.1.1 (including)	3.1.1 (including)
Safari	Apple	3.1.2 (including)	3.1.2 (including)
Safari	Apple	3.2.0 (including)	3.2.0 (including)
Safari	Apple	3.2.1 (including)	3.2.1 (including)
Safari	Apple	3.2.2 (including)	3.2.2 (including)
Safari	Apple	4.1 (including)	4.1 (including)
Safari	Apple	4.1.1 (including)	4.1.1 (including)
Safari	Apple	4.1.2 (including)	4.1.2 (including)
Safari	Apple	5.0 (including)	5.0 (including)
Safari	Apple	5.0.1 (including)	5.0.1 (including)
Safari	Apple	5.0.2 (including)	5.0.2 (including)
Safari	Apple	5.0.3 (including)	5.0.3 (including)
Safari	Apple	5.0.4 (including)	5.0.4 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-0214
CWE	https://cwe.mitre.org/data/definitions/310.html

Affected Software

References