Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
References
Configurations
Information
Published : 2009-06-15 12:30
Updated : 2017-08-16 18:30
NVD link : CVE-2009-2058
Mitre link : CVE-2009-2058
JSON object : View
CWE
CWE-287
Improper Authentication
Products Affected
apple
- safari