Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2009-2066
Last Modified: 24 Jun 2009 01:34:44
Published: 15 Jun 2009 03:30:05
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2009-2066

Summary

Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."

Vulnerable Systems

Application

  • Apple Safari 0.8

  • Apple Safari 0.9

  • Apple Safari 1.0

  • Apple Safari 1.0.0

  • Apple Safari 1.0.0b1

  • Apple Safari 1.0.0b2

  • Apple Safari 1.0.1

  • Apple Safari 1.0.2

  • Apple Safari 1.0.3

  • Apple Safari 1.1

  • Apple Safari 1.1.0

  • Apple Safari 1.1.1

  • Apple Safari 1.2

  • Apple Safari 1.2.0

  • Apple Safari 1.2.1

  • Apple Safari 1.2.2

  • Apple Safari 1.2.3

  • Apple Safari 1.2.4

  • Apple Safari 1.2.5

  • Apple Safari 1.3

  • Apple Safari 1.3.0

  • Apple Safari 1.3.1

  • Apple Safari 1.3.2

  • Apple Safari 2

  • Apple Safari 2.0

  • Apple Safari 2.0 Pre

  • Apple Safari 2.0.0

  • Apple Safari 2.0.1

  • Apple Safari 2.0.2

  • Apple Safari 2.0.3

  • Apple Safari 2.0.3 417.9.3

  • Apple Safari 2.0.4

  • Apple Safari 2.0.4 419.3

  • Apple Safari 3

  • Apple Safari 3.0

  • Apple Safari 3.0.0

  • Apple Safari 3.0.0b

  • Apple Safari 3.0.1

  • Apple Safari 3.0.1b

  • Apple Safari 3.0.2

  • Apple Safari 3.0.2b

  • Apple Safari 3.0.3

  • Apple Safari 3.0.3b

  • Apple Safari 3.0.4

  • Apple Safari 3.0.4 Beta

  • Apple Safari 3.0.4b

  • Apple Safari 3.1

  • Apple Safari 3.1.0

  • Apple Safari 3.1.0b

  • Apple Safari 3.1.1

  • Apple Safari 3.1.2

  • Apple Safari 3.2

  • Apple Safari 3.2.0

  • Apple Safari 3.2.1


References

XF - safari-http-security-bypass(51187)

BID - 35403

MISC - http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf

MISC - http://research.microsoft.com/apps/pubs/default.aspx?id=79323


Last Updated: 27 May 2016 10:50:46