VU#905344: HTTP CONNECT and 407 Proxy Authentication Required messages are not integrity protected
HTTP CONNECT requests and 407 Proxy Authentication Required messages are not integrity protected and are susceptible to man-in-the-middle attacks. WebKit-based applications are additionally vulnerable to arbitrary HTML markup and JavaScript execution in the context of the originally requested domain. Continue reading VU#905344: HTTP CONNECT and 407 Proxy Authentication Required messages are not integrity protected