CVE-2009-2072

Name of the Vulnerable Software and Affected Versions Apple Safari (affected versions not specified)

Description The issue allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response page for an https request sent through a proxy server. This is possible because Apple Safari does not require a cached certificate before displaying a lock icon for an https web site.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.