CVE-2007-6592

Name of the Vulnerable Software and Affected Versions Apple Safari version 2

Description The issue allows remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. This occurs when a user accepts an SSL server certificate based on the CN domain name in the DN field, and the certificate is then regarded as accepted for all domain names in subjectAltName:dNSName fields.

Recommendations For Apple Safari version 2, consider disabling the automatic acceptance of SSL server certificates based on the CN domain name in the DN field as a temporary workaround until a patch is available. Restrict access to sensitive information when using this version of Safari to minimize the risk of exploitation.