CVE-2009-1682

Apple Safari before 4.0 does not properly check for revoked Extended Validation (EV) certificates, which makes it easier for remote attackers to trick a user into accepting an invalid certificate.

Affected Software

Name	Vendor	Start Version	End Version
Safari	Apple	*	4.0_beta (including)
Safari	Apple	0.8 (including)	0.8 (including)
Safari	Apple	0.9 (including)	0.9 (including)
Safari	Apple	1.0 (including)	1.0 (including)
Safari	Apple	1.0.3 (including)	1.0.3 (including)
Safari	Apple	1.1 (including)	1.1 (including)
Safari	Apple	1.2 (including)	1.2 (including)
Safari	Apple	1.3 (including)	1.3 (including)
Safari	Apple	1.3.1 (including)	1.3.1 (including)
Safari	Apple	1.3.2 (including)	1.3.2 (including)
Safari	Apple	2.0 (including)	2.0 (including)
Safari	Apple	2.0.2 (including)	2.0.2 (including)
Safari	Apple	2.0.4 (including)	2.0.4 (including)
Safari	Apple	3.0 (including)	3.0 (including)
Safari	Apple	3.0.2 (including)	3.0.2 (including)
Safari	Apple	3.0.3 (including)	3.0.3 (including)
Safari	Apple	3.0.4 (including)	3.0.4 (including)
Safari	Apple	3.1 (including)	3.1 (including)
Safari	Apple	3.1.1 (including)	3.1.1 (including)
Safari	Apple	3.1.2 (including)	3.1.2 (including)
Safari	Apple	3.2.1 (including)	3.2.1 (including)
Safari	Apple	3.2.3 (including)	3.2.3 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-1682
CWE	https://cwe.mitre.org/data/definitions/255.html

Affected Software

References