CVE-2009-2062
Apple Safari < 3.2.2 - Man-in-the-Middle Script Execution via 3xx CONNECT Response
Title source: llmDescription
Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/51202
Vendor Advisory x_refsource_misc
http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/35412
Vendor Advisory x_refsource_misc
http://research.microsoft.com/apps/pubs/default.aspx?id=79323
Scores
EPSS
0.0100
EPSS Percentile
58.4%
Details
CWE
CWE-287
Status
published
Products (39)
apple/safari
0.8
apple/safari
0.9
apple/safari
1.0 (3 CPE variants)
apple/safari
1.0.0
apple/safari
1.0.0b1
apple/safari
1.0.0b2
apple/safari
1.0.1
apple/safari
1.0.2
apple/safari
1.0.3 (3 CPE variants)
apple/safari
1.1
... and 29 more
Published
Jun 15, 2009
Tracked Since
Feb 18, 2026