CVE-2009-2072

2009-06-15T19:30:00
ID CVE-2009-2072
Type cve
Reporter cve@mitre.org
Modified 2009-06-23T05:33:00

Description

Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy server.