NVD

Id
49334  
Name
CVE-2009-2072  
Description
Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy server.  
Reject
 
CVSS Version
2  
CVSS Score
5.4  
Severity
Medium  
CVSS Base Score
5.4  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
5.5  
CVSS Vector
(AV:A/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2009-06-15  
Modified Date
2009-06-23  
Seq
2009-2072  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
249758 49334 CVE-2009-2072 http://research.microsoft.com/apps/pubs/default.aspx?id=79323  View
249759 49334 CVE-2009-2072 http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf  View
249760 49334 CVE-2009-2072 35411  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
42497 JVNDB-2009-003504 Apple Safari における任意の https サイトを偽装される脆弱性 Apple Safari は、https の Web サイトに対し鍵アイコンを表示する前にキャッシュされた証明書を要求しないため、任意の https サイトを偽装される脆弱性が存在します。 CVE-2009-2072 39503 CVE-2009-2072 49334 5.4 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-003504.html 2009-06-15 2012-06-26 View