Lucene search
MitreCVE-2009-2058HistoryJun 15, 2009 - 7:30 p.m.
CVE-2009-2058
2009-06-1519:30:05
CWE-287
mitre
web.nvd.nist.gov
32
cve-2009-2058
apple safari
ssl tampering
vulnerability
http host header
proxy server
man-in-the-middle attack
web script
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.6
Confidence
High
EPSS
0.002
Percentile
51.4%
Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an “SSL tampering” attack.
Affected configurations
Node
applesafariRange≤3.2.2
Related
nvd
nvd
CVE-2009-2058
2009-06-15 19:30:05
prion
prion
Hardcoded credentials
2009-06-15 19:30:00
cvelist
cvelist
CVE-2009-2058
2009-06-15 19:00:00
openvas
openvas
Apple Safari Web Script Execution Vulnerabilities (Jun 2009)
2009-06-17 00:00:00
nessus
nessus
Safari < 3.2.3 Multiple Vulnerabilities
2009-05-13 00:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.6
Confidence
High
EPSS
0.002
Percentile
51.4%
Related for CVE-2009-2058