Vulnerabilities

CVE-2009-2072

by Fred · 15/06/2009

Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy server.

Date published : 2009-06-15

http://www.securityfocus.com/bid/35411

http://research.microsoft.com/apps/pubs/default.aspx?id=79323

Similar

Tags: Cybersecurity Alert