Code injection

2007-12-2821:46:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.0%

JSON

Apple Safari 2, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.

CPENameOperatorVersion
safarieq2

CPE	Name	Operator	Version
	safari	eq	2

References

nils.toedtmann.net/pub/subjectAltName.txt

securityreason.com/securityalert/3498

www.securityfocus.com/archive/1/483929/100/100/threaded

www.securityfocus.com/archive/1/483937/100/100/threaded