Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0089


Vulnerability Score 5.8 5.8
CVE Id CVE-2009-0089
Last Modified 21 Aug 2010 01:29:43
Published 15 Apr 2009 04:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows Server 2003

  • Microsoft Windows Server 2008

  • Microsoft Windows Vista

  • Microsoft Windows Xp


CERT - TA09-104A

MS - MS09-013

VUPEN - ADV-2009-1027

SECTRACK - 1022041

BID - 34437

SECUNIA - 34677

Last Updated: 27 May 2016 10:50:06