CVE-2009-2058Improper Authentication in Apple Safari

CWE-287Improper Authentication2 documents2 sources
Severity
6.8MEDIUMNVD
EPSS
0.3%
top 49.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Safari
Timeline
PublishedJun 15
Latest updateMay 2

Description

Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDapple/safari3.2.2

🔴Vulnerability Details

1
GHSA
GHSA-pqw6-9pgr-fr4x: Apple Safari before 32022-05-02