6.8

CVE-2009-2066

Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."

Data is provided by the National Vulnerability Database (NVD)
AppleSafari Version <= 3.2.1
AppleSafari Version0.8
AppleSafari Version0.9
AppleSafari Version1.0
AppleSafari Version1.0 Updatebeta
AppleSafari Version1.0 Updatebeta2
AppleSafari Version1.0.0
AppleSafari Version1.0.0b1
AppleSafari Version1.0.0b2
AppleSafari Version1.0.1
AppleSafari Version1.0.2
AppleSafari Version1.0.3
AppleSafari Version1.0.3 Update85.8
AppleSafari Version1.0.3 Update85.8.1
AppleSafari Version1.1
AppleSafari Version1.1.0
AppleSafari Version1.1.1
AppleSafari Version1.2
AppleSafari Version1.2.0
AppleSafari Version1.2.1
AppleSafari Version1.2.2
AppleSafari Version1.2.3
AppleSafari Version1.2.4
AppleSafari Version1.2.5
AppleSafari Version1.3
AppleSafari Version1.3.0
AppleSafari Version1.3.1
AppleSafari Version1.3.2
AppleSafari Version1.3.2 Update312.5
AppleSafari Version1.3.2 Update312.6
AppleSafari Version2
AppleSafari Version2.0
AppleSafari Version2.0.0
AppleSafari Version2.0.1
AppleSafari Version2.0.2
AppleSafari Version2.0.3
AppleSafari Version2.0.3 Update417.8
AppleSafari Version2.0.3 Update417.9
AppleSafari Version2.0.3 Update417.9.2
AppleSafari Version2.0.3 Update417.9.3
AppleSafari Version2.0.3_417.9.3
AppleSafari Version2.0.4
AppleSafari Version2.0.4_419.3
AppleSafari Version2.0_pre
AppleSafari Version3
AppleSafari Version3.0
AppleSafari Version3.0.0
AppleSafari Version3.0.0b
AppleSafari Version3.0.1
AppleSafari Version3.0.1 Updatebeta
AppleSafari Version3.0.1b
AppleSafari Version3.0.2
AppleSafari Version3.0.2b
AppleSafari Version3.0.3
AppleSafari Version3.0.3 Update522.15.5
AppleSafari Version3.0.3b
AppleSafari Version3.0.4
AppleSafari Version3.0.4_beta
AppleSafari Version3.0.4b
AppleSafari Version3.1
AppleSafari Version3.1.0
AppleSafari Version3.1.0b
AppleSafari Version3.1.1
AppleSafari Version3.1.2
AppleSafari Version3.2
AppleSafari Version3.2.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.3% 0.502
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.