Lucene search

[email protected]CVE-2009-2070

HistoryJun 15, 2009 - 7:30 p.m.

CVE-2009-2070

2009-06-1519:30:05

CWE-287

[email protected]

web.nvd.nist.gov

opera

cache-bypass

vulnerability

spoofing

https

sites

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.2%

JSON

Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.

Affected configurations

NVD

Node

operaopera_browserMatch-

CPENameOperatorVersion
opera:opera_browseropera opera browsereq-

CPE	Name	Operator	Version
opera:opera_browser	opera opera browser	eq	-

References

research.microsoft.com/apps/pubs/default.aspx?id=79323

research.microsoft.com/pubs/79323/pbp-final-with-update.pdf

www.securityfocus.com/bid/35411

Social References

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.2%

JSON

Related for CVE-2009-2070

cvelist1 nvd1 prion1 openvas8 nessus4 gentoo1