ID CVE-2007-6592
Summary Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
References
Vulnerable Configurations
  • cpe:2.3:a:apple:safari:2:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 15-10-2018 - 21:55)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:P/A:N
refmap via4
bugtraq
  • 20071118 Certificate spoofing issue with Mozilla, Konqueror, Safari 2
  • 20071118 Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2
misc http://nils.toedtmann.net/pub/subjectAltName.txt
sreason 3498
Last major update 15-10-2018 - 21:55
Published 28-12-2007 - 21:46
Last modified 15-10-2018 - 21:55