Vulnerability Database

290,300

Total vulnerabilities in the database

CVE-2009-2066

Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."

  • Published: Jun 15, 2009
  • Updated: Apr 13, 2023
  • CVE: CVE-2009-2066
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

OWASP TOP 10:

Software From Fixed in
apple / safari 3.0.4b 3.0.4b.x
apple / safari 1.3.0 1.3.0.x
apple / safari 1.0.3-85.8 1.0.3-85.8.x
apple / safari 2.0.3-417.9.3 2.0.3-417.9.3.x
apple / safari 1.3.2 1.3.2.x
apple / safari 2 2.x
apple / safari 1.1.1 1.1.1.x
apple / safari 3.0.4 3.0.4.x
apple / safari 1.2.2 1.2.2.x
apple / safari 3.0.1-beta 3.0.1-beta.x
apple / safari 2.0.1 2.0.1.x
apple / safari 2.0.3 2.0.3.x
apple / safari 1.0.3 1.0.3.x
apple / safari 2.0.2 2.0.2.x
apple / safari 1.0.2 1.0.2.x
apple / safari 3.0.0 3.0.0.x
apple / safari 3.0.1 3.0.1.x
apple / safari 3.0.2 3.0.2.x
apple / safari 1.0 1.0.x
apple / safari 2.0.4_419.3 2.0.4_419.3.x
apple / safari 3.0.3b 3.0.3b.x
apple / safari 3.1.1 3.1.1.x
apple / safari 1.3 1.3.x
apple / safari 3.1 3.1.x
apple / safari 2.0.3-417.9 2.0.3-417.9.x
apple / safari 1.2.5 1.2.5.x
apple / safari 2.0.3-417.9.2 2.0.3-417.9.2.x
apple / safari 3.2 3.2.x
apple / safari 3.0.3 3.0.3.x
apple / safari 2.0 2.0.x
apple / safari 1.2.4 1.2.4.x
apple / safari 1.0.1 1.0.1.x
apple / safari - 3.2.1.x
apple / safari 2.0.3-417.8 2.0.3-417.8.x
apple / safari 3.1.2 3.1.2.x
apple / safari 1.2.1 1.2.1.x
apple / safari 3.1.0b 3.1.0b.x
apple / safari 1.0.3-85.8.1 1.0.3-85.8.1.x
apple / safari 3.1.0 3.1.0.x
apple / safari 1.0-beta 1.0-beta.x
apple / safari 0.8 0.8.x
apple / safari 2.0.4 2.0.4.x
apple / safari 1.0-beta2 1.0-beta2.x
apple / safari 1.1 1.1.x
apple / safari 1.3.2-312.5 1.3.2-312.5.x
apple / safari 3.0.0b 3.0.0b.x
apple / safari 1.3.1 1.3.1.x
apple / safari 2.0.0 2.0.0.x
apple / safari 3.2.0 3.2.0.x
apple / safari 1.1.0 1.1.0.x
apple / safari 3.0.2b 3.0.2b.x
apple / safari 1.2 1.2.x
apple / safari 1.2.0 1.2.0.x
apple / safari 3.0.1b 3.0.1b.x
apple / safari 2.0_pre 2.0_pre.x
apple / safari 1.0.0b1 1.0.0b1.x
apple / safari 3.0 3.0.x
apple / safari 3.0.4_beta 3.0.4_beta.x
apple / safari 3.0.3-522.15.5 3.0.3-522.15.5.x
apple / safari 2.0.3_417.9.3 2.0.3_417.9.3.x
apple / safari 1.0.0 1.0.0.x
apple / safari 1.2.3 1.2.3.x
apple / safari 1.3.2-312.6 1.3.2-312.6.x
apple / safari 3 3.x
apple / safari 1.0.0b2 1.0.0b2.x
apple / safari 0.9 0.9.x