Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2070

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2009-2070
Last Modified 07 Jun 2012 12:12:15
Published 15 Jun 2009 03:30:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-2070

Summary

Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.

Vulnerable Systems

Application

  • Opera 5..10

  • Opera 5.0

  • Opera 5.02

  • Opera 5.1

  • Opera 5.10

  • Opera 5.11

  • Opera 5.12

  • Opera 5.2

  • Opera 5.3

  • Opera 5.4

  • Opera 5.5

  • Opera 5.6

  • Opera 5.7

  • Opera 5.8

  • Opera 5.9

  • Opera 6

  • Opera 6.0

  • Opera 6.01

  • Opera 6.02

  • Opera 6.03

  • Opera 6.04

  • Opera 6.05

  • Opera 6.06

  • Opera 6.1

  • Opera 6.11

  • Opera 6.12

  • Opera 7

  • Opera 7.0

  • Opera 7.01

  • Opera 7.02

  • Opera 7.03

  • Opera 7.10

  • Opera 7.11

  • Opera 7.20

  • Opera 7.21

  • Opera 7.22

  • Opera 7.23

  • Opera 7.30

  • Opera 7.50

  • Opera 7.51

  • Opera 7.52

  • Opera 7.54

  • Opera 7.55

  • Opera 8.0

  • Opera 8.01

  • Opera 8.02

  • Opera 8.51

  • Opera 8.52

  • Opera 8.53

  • Opera 8.54

  • Opera 9.0

  • Opera 9.01

  • Opera 9.02

  • Opera 9.10

  • Opera 9.20

  • Opera 9.21

  • Opera 9.23

  • Opera Browser -


References

BID - 35411

MISC - http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf

MISC - http://research.microsoft.com/apps/pubs/default.aspx?id=79323


Last Updated: 27 May 2016 10:57:32