Unrated severityNVD Advisory· Published Jun 15, 2009· Updated Jun 16, 2026
CVE-2009-2058
CVE-2009-2058
Description
Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
Affected products
2cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*range: <=3.2.2
- (no CPE)range: <3.2.2
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.