CVE-2009-2069

Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf
http://research.microsoft.com/apps/pubs/default.aspx?id=79323
http://www.securityfocus.com/bid/35411

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:internet_explorer:3.0:::::::*
	cpe:2.3:a:microsoft:internet_explorer:3.0.1:::::::*
	cpe:2.3:a:microsoft:internet_explorer:4.01:::::::*
	cpe:2.3:a:microsoft:internet_explorer:4.01:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:4.70.1215:::::::*
	cpe:2.3:a:microsoft:internet_explorer:4.70.1300:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.0:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.00.0518.10:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.00.0910.1309:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.00.2920.0000:::::::*
	cpe:2.3:a:microsoft:internet_explorer:6:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:7:::::::*
	cpe:2.3:a:microsoft:internet_explorer:6:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.01:sp3::::::
	cpe:2.3:a:microsoft:internet_explorer:5.5:sp2::::::
	cpe:2.3:a:microsoft:internet_explorer:3.0.2:::::::*
	cpe:2.3:a:microsoft:internet_explorer:3.1:::::::*
	cpe:2.3:a:microsoft:internet_explorer:3.2:::::::*
	cpe:2.3:a:microsoft:internet_explorer:4.1:::::::*
	cpe:2.3:a:microsoft:internet_explorer:4.40.308:::::::*
	cpe:2.3:a:microsoft:internet_explorer:4.71.1008.3:::::::*
	cpe:2.3:a:microsoft:internet_explorer:4.71.1712.6:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.0.1:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.00.3103.1000:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.01:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:5.01:sp2::::::
	cpe:2.3:a:microsoft:internet_explorer:5.5:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:6.00.2462.0000:::::::*
	cpe:2.3:a:microsoft:internet_explorer:6.00.2479.0006:::::::*
	cpe:2.3:a:microsoft:internet_explorer:6.0:::::::*
	cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16386:::::::*
	cpe:2.3:a:microsoft:internet_explorer:7.00.6000.16441:::::::*
	cpe:2.3:a:microsoft:ie:5.22:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.01:sp4::::::
	cpe:2.3:a:microsoft:internet_explorer:4.0:::::::*
	cpe:2.3:a:microsoft:internet_explorer:4.0.1:::::::*
	cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp2::::::
	cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:4.5:::::::*
	cpe:2.3:a:microsoft:internet_explorer:4.40.520:::::::*
	cpe:2.3:a:microsoft:internet_explorer:4.70.1155:::::::*
	cpe:2.3:a:microsoft:internet_explorer:4.70.1158:::::::*
	cpe:2.3:a:microsoft:internet_explorer:4.72.3612.1713:::::::*
	cpe:2.3:a:microsoft:internet_explorer:4.71.544:::::::*
	cpe:2.3:a:microsoft:internet_explorer:4.72.2106.8:::::::*
	cpe:2.3:a:microsoft:internet_explorer:4.72.3110.8:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2::::::
	cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3::::::
	cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4::::::
	cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:5.00.2014.0216:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.00.2314.1003:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.00.2614.3500:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.00.2919.3800:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.00.3105.0106:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.00.3314.2101:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.00.3315.1000:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.00.3502.1000:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.50.3825.1300:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.50.4030.2400:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.50.4134.0600:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.50.4308.2900:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.1:::::::*
cpe:2.3:a:microsoft:internet_explorer:5.2.3:::::::*
cpe:2.3:a:microsoft:internet_explorer:6.0.2600:::::::*
cpe:2.3:a:microsoft:internet_explorer:6.0.2800:::::::*
cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:::::::*
cpe:2.3:a:microsoft:internet_explorer:6.0.2900:::::::*
cpe:2.3:a:microsoft:internet_explorer:6.00.2800.1106:::::::*
cpe:2.3:a:microsoft:internet_explorer:7.0:beta::::::
cpe:2.3:a:microsoft:internet_explorer:7.0:::::::*
cpe:2.3:a:microsoft:internet_explorer:7.0.5730.11:::::::*
cpe:2.3:a:microsoft:internet_explorer:6.00.2900.2180:::::::*
cpe:2.3:a:microsoft:internet_explorer:6.00.3663.0000:::::::*
cpe:2.3:a:microsoft:internet_explorer:6.00.3790.0000:::::::*
cpe:2.3:a:microsoft:internet_explorer:7.0:beta1::::::
cpe:2.3:a:microsoft:ie:6.0:sp1::::::
cpe:2.3:a:microsoft:ie:5.0:sp4::::::
cpe:2.3:a:microsoft:ie:6.0:sp2::::::
cpe:2.3:a:microsoft:ie:5.0:sp1::::::
cpe:2.3:a:microsoft:internet_explorer:5.01:::::::*
cpe:2.3:a:microsoft:internet_explorer:5.00.2919.800:::::::*
cpe:2.3:a:microsoft:internet_explorer:5.00.2919.6307:::::::*
cpe:2.3:a:microsoft:internet_explorer:5.00.3700.1000:::::::*
cpe:2.3:a:microsoft:internet_explorer:5.50.4522.1800:::::::*
cpe:2.3:a:microsoft:internet_explorer:5.50.4807.2300:::::::*
cpe:2.3:a:microsoft:internet_explorer:5.5:::::::*
cpe:2.3:a:microsoft:internet_explorer:5.5:preview::::::
cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:::::::*
cpe:2.3:a:microsoft:internet_explorer:6.00.3790.1830:::::::*
cpe:2.3:a:microsoft:internet_explorer:6.00.3790.3959:::::::*
cpe:2.3:a:microsoft:internet_explorer:7.0:beta3::::::
cpe:2.3:a:microsoft:internet_explorer:7.00.5730.1100:::::::*

Information

Published : 2009-06-15 12:30

Updated : 2021-07-23 08:06

NVD link : CVE-2009-2069

Mitre link : CVE-2009-2069

JSON object : View

CWE

CWE-287

Improper Authentication

Products Affected

microsoft

internet_explorer
ie

5.8 /10