FKIE_CVE-2009-2072

Vulnerability from fkie_nvd - Published: 2009-06-15 19:30 - Updated: 2025-04-09 00:30
Severity: MEDIUM (CVSS v2 base score 5.4, vector AV:A/AC:M/Au:N/C:P/I:P/A:P)
Summary
Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy server.
Impacted products
Vendor Product Version
apple safari *
apple safari 0.8
apple safari 0.9
apple safari 1.0
apple safari 1.0
apple safari 1.0
apple safari 1.0.0
apple safari 1.0.0b1
apple safari 1.0.0b2
apple safari 1.0.1
apple safari 1.0.2
apple safari 1.0.3
apple safari 1.0.3
apple safari 1.0.3
apple safari 1.1
apple safari 1.1.0
apple safari 1.1.1
apple safari 1.2
apple safari 1.2.0
apple safari 1.2.1
apple safari 1.2.2
apple safari 1.2.3
apple safari 1.2.4
apple safari 1.2.5
apple safari 1.3
apple safari 1.3.0
apple safari 1.3.1
apple safari 1.3.2
apple safari 1.3.2
apple safari 1.3.2
apple safari 2
apple safari 2.0
apple safari 2.0.0
apple safari 2.0.1
apple safari 2.0.2
apple safari 2.0.3
apple safari 2.0.3
apple safari 2.0.3
apple safari 2.0.3
apple safari 2.0.3
apple safari 2.0.3_417.9.3
apple safari 2.0.4
apple safari 2.0.4_419.3
apple safari 2.0_pre
apple safari 3
apple safari 3.0
apple safari 3.0.0
apple safari 3.0.0b
apple safari 3.0.1
apple safari 3.0.1
apple safari 3.0.1b
apple safari 3.0.2
apple safari 3.0.2b
apple safari 3.0.3
apple safari 3.0.3
apple safari 3.0.3b
apple safari 3.0.4
apple safari 3.0.4_beta
apple safari 3.0.4b
apple safari 3.1
apple safari 3.1.0
apple safari 3.1.0b
apple safari 3.1.1
apple safari 3.1.2
apple safari 3.2
apple safari 3.2.0

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6BD2EE-4CD1-4F19-9710-FEE247C69521",
              "versionEndIncluding": "3.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "09F4ADD0-449B-4DDD-9878-DE86CBD56756",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E0AECB7-FE62-4664-B3B8-8161DA6DA4BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A419AE8-F5A2-4E25-9004-AAAB325E201A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "64FE1AA1-32D1-4825-8B2B-E66093937D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "E760CD65-A10E-44F1-B835-DA6B77057C93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "30663B7F-3EDA-4B6B-9F39-65E2CEEB4543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.0.0b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "91A09DA0-83E9-491D-A0A5-AF97B5463D62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.0.0b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D91C7EF0-A56B-40E6-9CED-1228405D034E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE6078B0-4756-4E04-BAC4-C4EC90548A9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B5A3F2-70EE-4ECD-AD6A-0A72D9EBC755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C87EDB53-FB6E-4B10-B890-A7195D841C5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.0.3:85.8:*:*:*:*:*:*",
              "matchCriteriaId": "957FCFC4-565A-4F2F-8D3D-D0982E1723F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.0.3:85.8.1:*:*:*:*:*:*",
              "matchCriteriaId": "22A450DC-CDF5-4EA0-A703-AFB3DEFE1395",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "857C92E2-6870-409A-9457-75F8C5C7B959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FD75A4F-F529-4F5E-957D-380215F7B21B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "834EC299-2010-4306-8CEE-35D735583101",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "443FF271-A3AB-4659-80B2-89F771BF5371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D29B98E-2F62-4F6F-976D-FEC4EB07F106",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3112AFEB-7893-467C-8B45-A44D5697BB79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FC83309-3A97-4619-B5C1-574610838BC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "891514D5-50C8-4EDC-81C5-24ABF8BCC022",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "25032A3A-9D05-4E69-9A22-C9B332976769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF75A31C-FE42-4CB4-A0E6-0CAB7B122483",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EDD80AB-2A6C-47FF-A1E9-DEB273C6B4E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EAC0DC3-7B55-49BC-89BC-C588E6FC6828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9315ADD-5B97-4639-9B59-806EFD7BC247",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7DD81AB-27D6-4CB0-BBF0-5710DAD55A3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.3.2:312.5:*:*:*:*:*:*",
              "matchCriteriaId": "21BAC0B8-063C-4772-8F1B-EB9A2F7A585C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.3.2:312.6:*:*:*:*:*:*",
              "matchCriteriaId": "6BAB4071-A883-4E04-BDDF-A121C4738E61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E44913D-BC8B-4AA1-84EB-EFEAC531B475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D3889ED-9329-4C84-A173-2553BEAE3EDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B74019F-C365-4E13-BBB4-D84AD9C1F87C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E0E57D5-A7C9-4985-8CE4-E0D4B8BBF371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "06494FA8-F12A-435A-97A4-F38C58DF43F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1BB047B-D45E-4695-AAEB-D0830DB1663E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*",
              "matchCriteriaId": "018A7A39-2AFD-47A9-AE88-7ABDBFE5EDA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*",
              "matchCriteriaId": "1082B33F-33B5-453A-A5AA-10F65AB2E625",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*",
              "matchCriteriaId": "6CF4DB54-AA7E-44C3-83E3-1A8971719D5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*",
              "matchCriteriaId": "EC348464-F08D-4ABF-BB90-3FA93C786F34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0.3_417.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "61652033-FD15-47D6-8B18-CF28E6CE346C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFDCF83E-620C-40FA-9901-5D939E315143",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0.4_419.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6D113B5-070D-4F91-AB5E-222D71C90EDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:2.0_pre:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E86DEDD-ABDC-46BD-BAD3-A409635F7801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3BAE980-449F-4F8C-A5BC-6CB7226E971A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A33F900-D405-40A8-A0A5-3C80320FF6E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4444A309-5A97-4E1C-B4EA-C4A070A98CBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B29951B-9A98-45B7-8E4B-5515C048EC52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CEB23DE-1A9D-480E-8B8B-9F110A8ABDE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.1:beta:*:*:*:*:*:*",
              "matchCriteriaId": "4CED950D-38AB-4D66-B97A-FB982D86057F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0FDEB4F-133A-43DF-A89B-53E249F1293D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "84E78F43-07BD-4D62-9512-DA738A92BC7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AE25E9E-826E-4782-AED8-AC6297B18D93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3180366-2240-467E-8AB9-BEA0430948F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.3:522.15.5:*:*:*:*:*:*",
              "matchCriteriaId": "63FEA310-C6F2-4F2A-ABA8-6468308E3569",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5E834B8-545E-4472-9D60-B4CF1340D62C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AB9CC52-E533-4306-9E92-73C84B264D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.4_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "02C814DE-1884-4F3E-944D-068F7FD55B70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*",
              "matchCriteriaId": "14A5CA99-8B1C-4C35-85E3-DB0495444A5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "912A26D1-3264-464F-B101-1796B35437E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "01D8C2EF-D552-4279-A12E-70E292F39E31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*",
              "matchCriteriaId": "C00082E3-EBF5-4C23-9F57-BF73E587FC05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C453B588-15FD-4A9C-8BC1-6202A21DAE02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "460A6F14-7CCE-47CA-BE0C-6DF32CD6A8A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DD634B1-4986-4E80-8BDC-58941893F6BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15BB6761-3581-4AE6-85E0-1609D15D7618",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy server."
    },
    {
      "lang": "es",
      "value": "Apple Safari no requiere un certificado cacheado antes de mostrar el icono del candado para una p\u00e1gina https, lo que permite a los atacantes \"hombre en el medio\" suplantar una p\u00e1gina web https enviando al navegador una p\u00e1gina de respuesta de CONEXI\u00d3N manipulada para una petici\u00f3n https enviada a trav\u00e9s de un servidor proxy."
    }
  ],
  "id": "CVE-2009-2072",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 5.5,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-06-15T19:30:05.767",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/35411"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/35411"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

