CVE-2009-2058
Apple Safari < 3.2.2 - Cross-Site Scripting via Proxy CONNECT Response
Title source: llmDescription
Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/51193
Vendor Advisory x_refsource_misc
http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf
Vendor Advisory x_refsource_misc
http://research.microsoft.com/apps/pubs/default.aspx?id=79323
Scores
EPSS
0.0097
EPSS Percentile
57.3%
Details
CWE
CWE-287
Status
published
Products (1)
apple/safari
< 3.2.2
Published
Jun 15, 2009
Tracked Since
Feb 18, 2026