CVE-2009-2067

2009-06-1519:30:00

CWE-287

[email protected]

web.nvd.nist.gov

opera

cve-2009-2067

vulnerability

man-in-the-middle

web script

https

http

nvd

6.7 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

51.1%

JSON

Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site’s context, by modifying an http page to include an https iframe that references a script file on an http site, related to “HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.”

CPENameOperatorVersion
opera:opera_browseropera opera browsereq7.23
opera:opera_browseropera opera browsereq9.02
opera:opera_browseropera opera browsereq7.53
opera:opera_browseropera opera browsereq8.50
opera:opera_browseropera opera browsereq8.53
opera:opera_browseropera opera browsereq9.12
opera:opera_browseropera opera browsereq8.0
opera:opera_browseropera opera browserle9.22
opera:opera_browseropera opera browsereq8.54
opera:opera_browseropera opera browsereq8.02

CPE	Name	Operator	Version
opera:opera_browser	opera opera browser	eq	7.23
opera:opera_browser	opera opera browser	eq	9.02
opera:opera_browser	opera opera browser	eq	7.53
opera:opera_browser	opera opera browser	eq	8.50
opera:opera_browser	opera opera browser	eq	8.53
opera:opera_browser	opera opera browser	eq	9.12
opera:opera_browser	opera opera browser	eq	8.0
opera:opera_browser	opera opera browser	le	9.22
opera:opera_browser	opera opera browser	eq	8.54
opera:opera_browser	opera opera browser	eq	8.02