Lucene search

[email protected]CVE-2009-2070

HistoryJun 15, 2009 - 7:30 p.m.

CVE-2009-2070

2009-06-1519:30:00

CWE-287

[email protected]

web.nvd.nist.gov

opera

cache-bypass

vulnerability

spoofing

https

sites

6.1 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

47.8%

JSON

Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.

CPENameOperatorVersion
opera:opera_browseropera opera browsereq-

CPE	Name	Operator	Version
opera:opera_browser	opera opera browser	eq	-

References

research.microsoft.com/apps/pubs/default.aspx?id=79323

research.microsoft.com/pubs/79323/pbp-final-with-update.pdf

www.securityfocus.com/bid/35411

Social References

6.1 Medium

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

47.8%

JSON

Related for CVE-2009-2070

prion1 cvelist1 openvas8 nessus4 gentoo1