Lucene search

[email protected]NVD:CVE-2009-2059

HistoryJun 15, 2009 - 7:30 p.m.

CVE-2009-2059

2009-06-1519:30:05

CWE-287

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

58.6%

JSON

Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an “SSL tampering” attack.

Affected configurations

NVD

Node

operaopera_browserRange≤9.22

operaopera_browserMatch7.0

operaopera_browserMatch7.23

operaopera_browserMatch7.53

operaopera_browserMatch7.54

operaopera_browserMatch7.60

operaopera_browserMatch8.0

operaopera_browserMatch8.01

operaopera_browserMatch8.02

operaopera_browserMatch8.50

operaopera_browserMatch8.51

operaopera_browserMatch8.52

operaopera_browserMatch8.53

operaopera_browserMatch8.54

operaopera_browserMatch9.0

operaopera_browserMatch9.01

operaopera_browserMatch9.02

operaopera_browserMatch9.10

operaopera_browserMatch9.12

operaopera_browserMatch9.20

operaopera_browserMatch9.21

References

research.microsoft.com/apps/pubs/default.aspx?id=79323

research.microsoft.com/pubs/79323/pbp-final-with-update.pdf

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

58.6%

JSON

Related for NVD:CVE-2009-2059

prion1 cvelist1 cve1 openvas6 nessus5 gentoo1