Lucene search

K

[email protected]CVE-2009-1836

HistoryJun 12, 2009 - 9:30 p.m.

CVE-2009-1836

2009-06-1221:30:00

CWE-287

[email protected]

web.nvd.nist.gov

46

cve-2009-1836

mozilla firefox

thunderbird

seamonkey

ssl

tampering

vulnerability

http host header

man-in-the-middle

proxy server

9.2 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.5%

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an “SSL tampering” attack.

CPENameOperatorVersion
mozilla:seamonkeymozilla seamonkeyeq1.1.10
mozilla:firefoxmozilla firefoxeq0.1
mozilla:thunderbirdmozilla thunderbirdeq1.5.0.7
mozilla:firefoxmozilla firefoxeq0.9_rc
mozilla:thunderbirdmozilla thunderbirdeq0.6
mozilla:seamonkeymozilla seamonkeyeq1.0.3
mozilla:firefoxmozilla firefoxeq0.8
mozilla:firefoxmozilla firefoxeq2.0.0.12
mozilla:thunderbirdmozilla thunderbirdeq0.7.2
mozilla:firefoxmozilla firefoxeq1.5

Rows per page:

1-10 of 1801

References

osvdb.org/55160

research.microsoft.com/apps/pubs/default.aspx?id=79323

research.microsoft.com/pubs/79323/pbp-final-with-update.pdf

secunia.com/advisories/35331

secunia.com/advisories/35415

secunia.com/advisories/35431

secunia.com/advisories/35439

secunia.com/advisories/35440

secunia.com/advisories/35468

secunia.com/advisories/35536

secunia.com/advisories/35561

secunia.com/advisories/35602

secunia.com/advisories/35882

slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468

slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408

sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1

www.debian.org/security/2009/dsa-1820

www.debian.org/security/2009/dsa-1830

www.mandriva.com/security/advisories?name=MDVSA-2009:141

www.mozilla.org/security/announce/2009/mfsa2009-27.html

www.redhat.com/support/errata/RHSA-2009-1126.html

www.securityfocus.com/bid/35326

www.securityfocus.com/bid/35380

www.securitytracker.com/id?1022396

www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275

www.ubuntu.com/usn/usn-782-1

www.vupen.com/english/advisories/2009/1572

bugzilla.mozilla.org/show_bug.cgi?id=479880

bugzilla.redhat.com/show_bug.cgi?id=503578

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11764

rhn.redhat.com/errata/RHSA-2009-1095.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html

www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html

www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html

9.2 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.5%

Related for CVE-2009-1836

checkpoint_advisories1 cvelist1 veracode1 securityvulns2 prion1 ubuntucve1 mozilla1 openvas66 nessus37 fedora41 debian2 suse1 redhat2 freebsd1 ubuntu2 osv2 centos2 oraclelinux1 gentoo1