CVE Vulnerabilities

CVE-2009-2062

Improper Authentication

Published: Jun 15, 2009 | Modified: Aug 17, 2017
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 6.8 MEDIUM (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site’s context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.

Weakness

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Safari Apple 0.8 0.8
Safari Apple 0.9 0.9
Safari Apple 1.0 1.0
Safari Apple 1.0 1.0
Safari Apple 1.0 1.0
Safari Apple 1.0.0 1.0.0
Safari Apple 1.0.0b1 1.0.0b1
Safari Apple 1.0.0b2 1.0.0b2
Safari Apple 1.0.1 1.0.1
Safari Apple 1.0.2 1.0.2
Safari Apple 1.0.3 1.0.3
Safari Apple 1.0.3 1.0.3
Safari Apple 1.0.3 1.0.3
Safari Apple 1.1 1.1
Safari Apple 1.1.0 1.1.0
Safari Apple 1.1.1 1.1.1
Safari Apple 1.2 1.2
Safari Apple 1.2.0 1.2.0
Safari Apple 1.2.1 1.2.1
Safari Apple 1.2.2 1.2.2
Safari Apple 1.2.3 1.2.3
Safari Apple 1.2.4 1.2.4
Safari Apple 1.2.5 1.2.5
Safari Apple 1.3 1.3
Safari Apple 1.3.0 1.3.0
Safari Apple 1.3.1 1.3.1
Safari Apple 1.3.2 1.3.2
Safari Apple 1.3.2 1.3.2
Safari Apple 1.3.2 1.3.2
Safari Apple 2 2
Safari Apple 2.0 2.0
Safari Apple 2.0.0 2.0.0
Safari Apple 2.0.1 2.0.1
Safari Apple 2.0.2 2.0.2
Safari Apple 2.0.3 2.0.3
Safari Apple 2.0.3 2.0.3
Safari Apple 2.0.3 2.0.3
Safari Apple 2.0.3 2.0.3
Safari Apple 2.0.3 2.0.3
Safari Apple 2.0.3_417.9.3 2.0.3_417.9.3
Safari Apple 2.0.4 2.0.4
Safari Apple 2.0.4_419.3 2.0.4_419.3
Safari Apple 2.0_pre 2.0_pre
Safari Apple 3 3
Safari Apple 3.0 3.0
Safari Apple 3.0.0 3.0.0
Safari Apple 3.0.0b 3.0.0b
Safari Apple 3.0.1 3.0.1
Safari Apple 3.0.1 3.0.1
Safari Apple 3.0.1b 3.0.1b
Safari Apple 3.0.2 3.0.2
Safari Apple 3.0.2b 3.0.2b
Safari Apple 3.0.3 3.0.3
Safari Apple 3.0.3 3.0.3
Safari Apple 3.0.3b 3.0.3b
Safari Apple 3.0.4 3.0.4
Safari Apple 3.0.4_beta 3.0.4_beta
Safari Apple 3.0.4b 3.0.4b
Safari Apple 3.1 3.1
Safari Apple 3.1.0 3.1.0
Safari Apple 3.1.0b 3.1.0b
Safari Apple 3.1.1 3.1.1
Safari Apple 3.1.2 3.1.2
Safari Apple 3.2 3.2
Safari Apple 3.2.0 3.2.0
Safari Apple * 3.2.1

Potential Mitigations

References