CVE-2011-3444

Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
appleCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
applemac_os_x
𝑥
≤ 10.7.2
applemac_os_x
10.7.0
applemac_os_x
10.7.1
applemac_os_x_server
𝑥
≤ 10.7.2
applemac_os_x_server
10.7.0
applemac_os_x_server
10.7.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://support.apple.com/kb/HT5130
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://support.apple.com/kb/HT5130