Vulnerability Description
Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Safari | 2 |
References
- http://nils.toedtmann.net/pub/subjectAltName.txt
- http://securityreason.com/securityalert/3498
- http://www.securityfocus.com/archive/1/483929/100/100/threaded
- http://www.securityfocus.com/archive/1/483937/100/100/threaded
FAQ
What is CVE-2007-6592?
CVE-2007-6592 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSNam...
How severe is CVE-2007-6592?
CVE-2007-6592 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-6592?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Safari.