← voltar
CVE-2009-2072

CVE-2009-2072

EPSS 0.3%
Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy server.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://research.microsoft.com/apps/pubs/default.aspx?id=79323http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdfhttp://www.securityfocus.com/bid/35411