Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2009-2063
Last Modified 07 Jun 2012 12:00:00
Published 15 Jun 2009 03:30:05
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-2063

Summary

Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.

Vulnerable Systems

Application

  • Opera 5..10

  • Opera 5.0

  • Opera 5.02

  • Opera 5.1

  • Opera 5.10

  • Opera 5.11

  • Opera 5.12

  • Opera 5.2

  • Opera 5.3

  • Opera 5.4

  • Opera 5.5

  • Opera 5.6

  • Opera 5.7

  • Opera 5.8

  • Opera 5.9

  • Opera 6

  • Opera 6.0

  • Opera 6.01

  • Opera 6.02

  • Opera 6.03

  • Opera 6.04

  • Opera 6.05

  • Opera 6.06

  • Opera 6.1

  • Opera 6.11

  • Opera 6.12

  • Opera 7

  • Opera 7.0

  • Opera 7.01

  • Opera 7.02

  • Opera 7.03

  • Opera 7.10

  • Opera 7.11

  • Opera 7.20

  • Opera 7.21

  • Opera 7.22

  • Opera 7.23

  • Opera 7.30

  • Opera 7.50

  • Opera 7.51

  • Opera 7.52

  • Opera 7.54

  • Opera 7.55

  • Opera 8.0

  • Opera 8.01

  • Opera 8.02

  • Opera 8.51

  • Opera 8.52

  • Opera 8.53

  • Opera 8.54

  • Opera 9.0

  • Opera 9.01

  • Opera 9.02

  • Opera 9.10

  • Opera 9.20

  • Opera 9.21

  • Opera 9.23

  • Opera Browser 1.00

  • Opera Browser 2.00

  • Opera Browser 2.10

  • Opera Browser 2.12

  • Opera Browser 3.00

  • Opera Browser 3.10

  • Opera Browser 3.21

  • Opera Browser 3.50

  • Opera Browser 3.51

  • Opera Browser 3.60

  • Opera Browser 3.61

  • Opera Browser 3.62

  • Opera Browser 4.00

  • Opera Browser 4.01

  • Opera Browser 4.02

  • Opera Browser 5.0

  • Opera Browser 5.02

  • Opera Browser 5.10

  • Opera Browser 5.11

  • Opera Browser 5.12

  • Opera Browser 6.0

  • Opera Browser 6.01

  • Opera Browser 6.02

  • Opera Browser 6.03

  • Opera Browser 6.04

  • Opera Browser 6.05

  • Opera Browser 6.06

  • Opera Browser 6.1

  • Opera Browser 6.11

  • Opera Browser 6.12

  • Opera Browser 7.0

  • Opera Browser 7.01

  • Opera Browser 7.02

  • Opera Browser 7.03

  • Opera Browser 7.10

  • Opera Browser 7.11

  • Opera Browser 7.20

  • Opera Browser 7.21

  • Opera Browser 7.22

  • Opera Browser 7.23

  • Opera Browser 7.50

  • Opera Browser 7.51

  • Opera Browser 7.52

  • Opera Browser 7.53

  • Opera Browser 7.54

  • Opera Browser 7.60

  • Opera Browser 8.0

  • Opera Browser 8.01

  • Opera Browser 8.02

  • Opera Browser 8.50

  • Opera Browser 8.51

  • Opera Browser 8.52

  • Opera Browser 8.53

  • Opera Browser 8.54

  • Opera Browser 9.0

  • Opera Browser 9.01

  • Opera Browser 9.02

  • Opera Browser 9.10

  • Opera Browser 9.12

  • Opera Browser 9.20

  • Opera Browser 9.21

  • Opera Browser 9.22

  • Opera Browser 9.23

  • Opera Browser 9.24


References

XF - opera-httpconnect-code-execution(51204)

BID - 35412

MISC - http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf

MISC - http://research.microsoft.com/apps/pubs/default.aspx?id=79323


Last Updated: 27 May 2016 10:49:37