Safari < 3.2.2 Multiple Vulnerabilities
High Nessus Plugin ID 35687
Synopsis: The remote host contains a web browser with multiple vulnerabilities.
Description: The version of Safari installed on the remote Windows host is earlier than 3.2.2. Such versions reportedly have multiple security vulnerabilities:
- A cached certificate is not required before displaying a lock icon for an HTTPS website. This allows a man-in-the-middle attacker to present the user with spoofed web pages over HTTPS that appear to be from a legitimate source.
- The browser processes a 3xx HTTP CONNECT response before a successful SSL handshake, which could allow a man-in-the-middle attacker to execute arbitrary script code in the context of an HTTPS site.
Solution: Upgrade to Safari 3.2.2 or later.