CVE-2009-2072

Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.4 UNKNOWN
ADJACENT_NETWORK
MEDIUM
AV:A/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
VendorProductVersion
applesafari
𝑥
≤ 3.2.1
applesafari
0.8
applesafari
0.9
applesafari
1.0
applesafari
1.0:beta
applesafari
1.0:beta2
applesafari
1.0.0
applesafari
1.0.0b1:b1
applesafari
1.0.0b2:b2
applesafari
1.0.1
applesafari
1.0.2
applesafari
1.0.3
applesafari
1.0.3:85.8
applesafari
1.0.3:85.8.1
applesafari
1.1
applesafari
1.1.0
applesafari
1.1.1
applesafari
1.2
applesafari
1.2.0
applesafari
1.2.1
applesafari
1.2.2
applesafari
1.2.3
applesafari
1.2.4
applesafari
1.2.5
applesafari
1.3
applesafari
1.3.0
applesafari
1.3.1
applesafari
1.3.2
applesafari
1.3.2:312.5
applesafari
1.3.2:312.6
applesafari
2.0
applesafari
2.0.0
applesafari
2.0.1
applesafari
2.0.2
applesafari
2.0.3
applesafari
2.0.3:417.8
applesafari
2.0.3:417.9
applesafari
2.0.3:417.9.2
applesafari
2.0.3:417.9.3
applesafari
2.0.3_417.9.3:_417.9
applesafari
2.0.4
applesafari
2.0.4_419.3:_419.3
applesafari
2.0_pre:_pre
applesafari
3.0
applesafari
3.0.0
applesafari
3.0.0b:b
applesafari
3.0.1
applesafari
3.0.1:beta
applesafari
3.0.1b:b
applesafari
3.0.2
applesafari
3.0.2b:b
applesafari
3.0.3
applesafari
3.0.3:522.15.5
applesafari
3.0.3b:b
applesafari
3.0.4
applesafari
3.0.4_beta:_beta
applesafari
3.0.4b:b
applesafari
3.1
applesafari
3.1.0
applesafari
3.1.0b:b
applesafari
3.1.1
applesafari
3.1.2
applesafari
3.2
applesafari
3.2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://research.microsoft.com/apps/pubs/default.aspx?id=79323
http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf
http://www.securityfocus.com/bid/35411
http://research.microsoft.com/apps/pubs/default.aspx?id=79323
http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf
http://www.securityfocus.com/bid/35411