CVE-2009-2072

CVE-2009-2072 · MEDIUM Severity

AV:A/AC:M/AU:N/C:P/I:P/A:P

Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy server.

Learn more about our Web App Pen Testing.