This host has Safari browser installed and is prone to Web Script Execution vulnerabilities.

Successful exploitation will allow attacker to execute arbitrary web script in an https site's context and spoof an arbitrary https site by letting a browser obtain a valid certificate. Impact Level: Application

- Error in processes a '3xx' HTTP CONNECT response before a successful SSL handshake, which can be exploited by modifying the CONNECT response to specify a 302 redirect to an arbitrary https web site. - Error exists while the HTTP Host header to determine the context of a document provided in a '4xx' or '5xx' CONNECT response from a proxy server, which can be exploited by modifying this CONNECT response, aka an 'SSL tampering' attack. - Error is caused when application does not require a cached certificate before displaying a lock icon for an https web site, while sending the browser a crafted '4xx' or '5xx' CONNECT response page for an https request sent through a proxy server. - Detects http content in https web pages only when the top-level frame uses https. This can be exploited by modifying an http page to include an https iframe that references a script file on an http site, related to 'HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.'

Safari version prior to 3.2.2 on Windows.

• http://research.microsoft.com/apps/pubs/default.aspx?id=79323
• http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf

---

Updated on 2015-03-25