Lucene search

[email protected]NVD:CVE-2009-2058

HistoryJun 15, 2009 - 7:30 p.m.

CVE-2009-2058

2009-06-1519:30:05

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.5

Confidence

High

EPSS

0.002

Percentile

51.4%

JSON

Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an “SSL tampering” attack.

Affected configurations

Nvd

Node

applesafariRange≤3.2.2

VendorProductVersionCPE
applesafari*cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	safari	*	cpe:2.3:a:apple:safari::::::::

References

research.microsoft.com/apps/pubs/default.aspx?id=79323

research.microsoft.com/pubs/79323/pbp-final-with-update.pdf

exchange.xforce.ibmcloud.com/vulnerabilities/51193

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.5

Confidence

High

EPSS

0.002

Percentile

51.4%

JSON

Related for NVD:CVE-2009-2058

prion1 cvelist1 cve1 openvas1 nessus1