CVE-2009-2066Improper Authentication in Apple Safari

CWE-287Improper Authentication2 documents2 sources
Severity
6.8MEDIUMNVD
EPSS
0.3%
top 46.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Safari
Timeline
PublishedJun 15
Latest updateMay 2

Description

Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDapple/safari3.2.1+53

🔴Vulnerability Details

1
GHSA
GHSA-q48j-6v3w-g92f: Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arb2022-05-02