CVE-2011-3444

EUVD-2011-3407
Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an encrypted connection and then sniffing the network.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
Affected Products (NVD)
VendorProductVersion
applemac_os_x
𝑥
≤ 10.7.2
applemac_os_x
10.7.0
applemac_os_x
10.7.1
applemac_os_x_server
𝑥
≤ 10.7.2
applemac_os_x_server
10.7.0
applemac_os_x_server
10.7.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://support.apple.com/kb/HT5130
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
http://support.apple.com/kb/HT5130