Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Safari < 3.2.2 Multiple Vulnerabilities

High

Synopsis

The remote host contains a web browser that is vulnerable to multiple attack vectors.

Description

The version of Safari installed on the remote Windows host is earlier than 3.2.2. Such versions reportedly have multiple vulnerabilities :

- Multiple input validation issues in their handling of 'feed: ' URLs, which could be abused to execute arbitrary JavaScript code in the local security zone. (CVE-2009-0137)

- A cached certificate is not required before displaying a lock icon for a HTTPS web site. This allows a man-in-the-middle attacker to present the user with spoofed web pages over HTTPS that appear to be from a legitimate source. (CVE-2009-2072)

- The browser processes a 3xxx HTTP CONNECT before a successful SSL handshake, which could allow a man-in-the-midddle attacker to execute arbitrary script code in the context of a HTTPS site. (CVE-2009-2062)

Solution

Upgrade to version 3.2.2 or higher.