Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2009-2058
Last Modified 23 Jun 2009 01:33:40
Published 15 Jun 2009 03:30:05
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-2058

Summary

Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

Vulnerable Systems

Application

  • Apple Safari 3.2.2


References

XF - safari-connect-code-execution(51193)

MISC - http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf

MISC - http://research.microsoft.com/apps/pubs/default.aspx?id=79323


Last Updated: 27 May 2016 10:50:46