Lucene search
HistoryOct 03, 2022 - 4:24 p.m.
CVE-2009-2057
microsoft
internet explorer
http
host header
ssl
tampering
cve-2009-2057
nvd
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
7.1 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
72.8%
Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an “SSL tampering” attack.
Affected configurations
Node
microsoftieMatch5.0sp1
ORmicrosoftieMatch5.0sp4
ORmicrosoftieMatch5.22
ORmicrosoftieMatch6.0sp1
ORmicrosoftieMatch6.0sp2
ORmicrosoftinternet_explorerMatch3.0
ORmicrosoftinternet_explorerMatch3.0.1
ORmicrosoftinternet_explorerMatch3.0.2
ORmicrosoftinternet_explorerMatch3.1
ORmicrosoftinternet_explorerMatch3.2
ORmicrosoftinternet_explorerMatch4.0
ORmicrosoftinternet_explorerMatch4.0.1
ORmicrosoftinternet_explorerMatch4.0.1sp1
ORmicrosoftinternet_explorerMatch4.0.1sp2
ORmicrosoftinternet_explorerMatch4.01
ORmicrosoftinternet_explorerMatch4.1
ORmicrosoftinternet_explorerMatch4.01sp1
ORmicrosoftinternet_explorerMatch4.5
ORmicrosoftinternet_explorerMatch4.40.308
ORmicrosoftinternet_explorerMatch4.40.520
ORmicrosoftinternet_explorerMatch4.70.1155
ORmicrosoftinternet_explorerMatch4.70.1158
ORmicrosoftinternet_explorerMatch4.70.1215
ORmicrosoftinternet_explorerMatch4.70.1300
ORmicrosoftinternet_explorerMatch4.71.544
ORmicrosoftinternet_explorerMatch4.71.1008.3
ORmicrosoftinternet_explorerMatch4.71.1712.6
ORmicrosoftinternet_explorerMatch4.72.2106.8
ORmicrosoftinternet_explorerMatch4.72.3110.8
ORmicrosoftinternet_explorerMatch4.72.3612.1713
ORmicrosoftinternet_explorerMatch5
ORmicrosoftinternet_explorerMatch5.0
ORmicrosoftinternet_explorerMatch5.0.1
ORmicrosoftinternet_explorerMatch5.0.1sp1
ORmicrosoftinternet_explorerMatch5.0.1sp2
ORmicrosoftinternet_explorerMatch5.0.1sp3
ORmicrosoftinternet_explorerMatch5.0.1sp4
ORmicrosoftinternet_explorerMatch5.00.0518.10
ORmicrosoftinternet_explorerMatch5.00.0910.1309
ORmicrosoftinternet_explorerMatch5.00.2014.0216
ORmicrosoftinternet_explorerMatch5.00.2314.1003
ORmicrosoftinternet_explorerMatch5.00.2614.3500
ORmicrosoftinternet_explorerMatch5.00.2919.800
ORmicrosoftinternet_explorerMatch5.00.2919.3800
ORmicrosoftinternet_explorerMatch5.00.2919.6307
ORmicrosoftinternet_explorerMatch5.00.2920.0000
ORmicrosoftinternet_explorerMatch5.00.3103.1000
ORmicrosoftinternet_explorerMatch5.00.3105.0106
ORmicrosoftinternet_explorerMatch5.00.3314.2101
ORmicrosoftinternet_explorerMatch5.00.3315.1000
ORmicrosoftinternet_explorerMatch5.00.3502.1000
ORmicrosoftinternet_explorerMatch5.00.3700.1000
ORmicrosoftinternet_explorerMatch5.01
ORmicrosoftinternet_explorerMatch5.1
ORmicrosoftinternet_explorerMatch5.01sp1
ORmicrosoftinternet_explorerMatch5.01sp2
ORmicrosoftinternet_explorerMatch5.01sp3
ORmicrosoftinternet_explorerMatch5.01sp4
ORmicrosoftinternet_explorerMatch5.2.3
ORmicrosoftinternet_explorerMatch5.5
ORmicrosoftinternet_explorerMatch5.5preview
ORmicrosoftinternet_explorerMatch5.5sp1
ORmicrosoftinternet_explorerMatch5.5sp2
ORmicrosoftinternet_explorerMatch5.50.3825.1300
ORmicrosoftinternet_explorerMatch5.50.4030.2400
ORmicrosoftinternet_explorerMatch5.50.4134.0600
ORmicrosoftinternet_explorerMatch5.50.4308.2900
ORmicrosoftinternet_explorerMatch5.50.4522.1800
ORmicrosoftinternet_explorerMatch5.50.4807.2300
ORmicrosoftinternet_explorerMatch6
ORmicrosoftinternet_explorerMatch6sp1
ORmicrosoftinternet_explorerMatch6.0
ORmicrosoftinternet_explorerMatch6.00.2462.0000
ORmicrosoftinternet_explorerMatch6.00.2479.0006
ORmicrosoftinternet_explorerMatch6.0.2600
ORmicrosoftinternet_explorerMatch6.0.2800
ORmicrosoftinternet_explorerMatch6.0.2800.1106
ORmicrosoftinternet_explorerMatch6.00.2800.1106
ORmicrosoftinternet_explorerMatch6.0.2900
ORmicrosoftinternet_explorerMatch6.0.2900.2180
ORmicrosoftinternet_explorerMatch6.00.2900.2180
ORmicrosoftinternet_explorerMatch6.00.3663.0000
ORmicrosoftinternet_explorerMatch6.00.3790.0000
ORmicrosoftinternet_explorerMatch6.00.3790.1830
ORmicrosoftinternet_explorerMatch6.00.3790.3959
ORmicrosoftinternet_explorerMatch7
ORmicrosoftinternet_explorerMatch7.0
ORmicrosoftinternet_explorerMatch7.0beta
ORmicrosoftinternet_explorerMatch7.0beta1
ORmicrosoftinternet_explorerMatch7.0beta3
ORmicrosoftinternet_explorerMatch7.0.5730.11
ORmicrosoftinternet_explorerMatch7.00.5730.1100
ORmicrosoftinternet_explorerMatch7.00.6000.16386
ORmicrosoftinternet_explorerMatch7.00.6000.16441
Related
cvelist
cvelist
CVE-2009-2057
2022-10-03 16:24:07
prion
prion
Hardcoded credentials
2009-06-15 19:30:00
nvd
nvd
CVE-2009-2057
2009-06-15 19:30:00
openvas
openvas
Microsoft Internet Explorer Web Script Execution Vulnerabilities
2009-06-17 00:00:00
Microsoft Internet Explorer Web Script Execution Vulnerabilities
2009-06-17 00:00:00
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
7.1 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
72.8%
Related for CVE-2009-2057