3 matches found
多个浏览器WEB代理重定向处理中间人漏洞
Bugraq ID: 35412 CVE ID:CVE-2009-2061 CVE-2009-2062 CVE-2009-2063 多个浏览器处理WEB代理重定向存在中间人攻击。 攻击者可以利用这个漏洞进行钓鱼攻击或获得敏感信息。不过要利用此漏洞,攻击者必须截获或控制网络通信,如通过中间人,DNS毒药等攻击。 如下浏览器受此漏洞影响: Mozilla Firefox prior to 3.0.10 Apple Safari prior to 3.2.2 Opera prior to 9.25 Opera Software Opera Web Browser 8.51 Opera...
CVE-2009-2062
Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site...
CVE-2009-2062
CVE-2009-2062 concerns Apple Safari prior to 3.2.2. The issue: when handling an HTTPS site, Safari processes a 3xx HTTP CONNECT response before SSL handshake completes, allowing a man‑in‑the‑middle attacker to modify the response to redirect to an arbitrary HTTPS site. This can enable arbitrary w...