CVE-2003-0355 — Improper Validation of Certificate with Host Mismatch in Apple Safari

CWE-297 — Improper Validation of Certificate with Host Mismatch3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.4%

top 42.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari

Timeline

PublishedJun 9

Latest updateApr 29

Description

Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDapple/safari1.0

🔴Vulnerability Details

GHSA

GHSA-xgff-48h7-pjqg: Safari 1↗2022-04-29

▶

📐Framework References

CWE

Improper Validation of Certificate with Host Mismatch↗

▶