CVE-2009-2072

Metadata

CVE-2009-2072
5.4
research.microsoft.com, research.microsoft.com, securityfocus.com
2009-06-15
2017-06-06 20:20

Description

Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy server.

Related Vulnerabilities