Lucene search

[email protected]NVD:CVE-2009-1836

HistoryJun 12, 2009 - 9:30 p.m.

CVE-2009-1836

2009-06-1221:30:00

CWE-287

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.6%

JSON

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an “SSL tampering” attack.

Affected configurations

NVD

Node

mozillafirefoxRange≤3.0.10

mozillafirefoxMatch0.1

mozillafirefoxMatch0.2

mozillafirefoxMatch0.3

mozillafirefoxMatch0.4

mozillafirefoxMatch0.5

mozillafirefoxMatch0.6

mozillafirefoxMatch0.6.1

mozillafirefoxMatch0.7

mozillafirefoxMatch0.7.1

mozillafirefoxMatch0.8

mozillafirefoxMatch0.9

mozillafirefoxMatch0.9rc

mozillafirefoxMatch0.9.1

mozillafirefoxMatch0.9.2

mozillafirefoxMatch0.9.3

mozillafirefoxMatch0.9_rc

mozillafirefoxMatch0.10

mozillafirefoxMatch0.10.1

mozillafirefoxMatch1.0

mozillafirefoxMatch1.0preview_release

mozillafirefoxMatch1.0.1

mozillafirefoxMatch1.0.2

mozillafirefoxMatch1.0.3

mozillafirefoxMatch1.0.4

mozillafirefoxMatch1.0.5

mozillafirefoxMatch1.0.6

mozillafirefoxMatch1.0.6linux

mozillafirefoxMatch1.0.7

mozillafirefoxMatch1.0.8

mozillafirefoxMatch1.4.1

mozillafirefoxMatch1.5

mozillafirefoxMatch1.5beta1

mozillafirefoxMatch1.5beta2

mozillafirefoxMatch1.5.0.1

mozillafirefoxMatch1.5.0.2

mozillafirefoxMatch1.5.0.3

mozillafirefoxMatch1.5.0.4

mozillafirefoxMatch1.5.0.5

mozillafirefoxMatch1.5.0.6

mozillafirefoxMatch1.5.0.7

mozillafirefoxMatch1.5.0.8

mozillafirefoxMatch1.5.0.9

mozillafirefoxMatch1.5.0.10

mozillafirefoxMatch1.5.0.11

mozillafirefoxMatch1.5.0.12

mozillafirefoxMatch1.5.1

mozillafirefoxMatch1.5.2

mozillafirefoxMatch1.5.3

mozillafirefoxMatch1.5.4

mozillafirefoxMatch1.5.5

mozillafirefoxMatch1.5.6

mozillafirefoxMatch1.5.7

mozillafirefoxMatch1.5.8

mozillafirefoxMatch1.8

mozillafirefoxMatch2.0

mozillafirefoxMatch2.0beta_1

mozillafirefoxMatch2.0beta1

mozillafirefoxMatch2.0rc2

mozillafirefoxMatch2.0rc3

mozillafirefoxMatch2.0.0.1

mozillafirefoxMatch2.0.0.2

mozillafirefoxMatch2.0.0.3

mozillafirefoxMatch2.0.0.4

mozillafirefoxMatch2.0.0.5

mozillafirefoxMatch2.0.0.6

mozillafirefoxMatch2.0.0.7

mozillafirefoxMatch2.0.0.8

mozillafirefoxMatch2.0.0.9

mozillafirefoxMatch2.0.0.10

mozillafirefoxMatch2.0.0.11

mozillafirefoxMatch2.0.0.12

mozillafirefoxMatch2.0.0.13

mozillafirefoxMatch2.0.0.14

mozillafirefoxMatch2.0.0.15

mozillafirefoxMatch2.0.0.16

mozillafirefoxMatch2.0.0.17

mozillafirefoxMatch2.0.0.18

mozillafirefoxMatch2.0.0.19

mozillafirefoxMatch2.0.0.20

mozillafirefoxMatch2.0.0.21

mozillafirefoxMatch2.0_.1

mozillafirefoxMatch2.0_.4

mozillafirefoxMatch2.0_.5

mozillafirefoxMatch2.0_.6

mozillafirefoxMatch2.0_.7

mozillafirefoxMatch2.0_.9

mozillafirefoxMatch2.0_.10

mozillafirefoxMatch2.0_8

mozillafirefoxMatch3.0

mozillafirefoxMatch3.0alpha

mozillafirefoxMatch3.0beta2

mozillafirefoxMatch3.0beta5

mozillafirefoxMatch3.0.1

mozillafirefoxMatch3.0.2

mozillafirefoxMatch3.0.3

mozillafirefoxMatch3.0.4

mozillafirefoxMatch3.0.5

mozillafirefoxMatch3.0.6

mozillafirefoxMatch3.0.7

mozillafirefoxMatch3.0.8

mozillafirefoxMatch3.0.9

mozillafirefoxMatch3.0beta5

mozillaseamonkeyRange≤1.1.16

mozillaseamonkeyMatch1.0

mozillaseamonkeyMatch1.0alpha

mozillaseamonkeyMatch1.0beta

mozillaseamonkeyMatch1.0dev

mozillaseamonkeyMatch1.0alpha

mozillaseamonkeyMatch1.0beta

mozillaseamonkeyMatch1.0.1

mozillaseamonkeyMatch1.0.3

mozillaseamonkeyMatch1.0.4

mozillaseamonkeyMatch1.0.6

mozillaseamonkeyMatch1.0.8

mozillaseamonkeyMatch1.0.9

mozillaseamonkeyMatch1.0.99

mozillaseamonkeyMatch1.1

mozillaseamonkeyMatch1.1alpha

mozillaseamonkeyMatch1.1beta

mozillaseamonkeyMatch1.1.1

mozillaseamonkeyMatch1.1.3

mozillaseamonkeyMatch1.1.5

mozillaseamonkeyMatch1.1.51.1.10

mozillaseamonkeyMatch1.1.6

mozillaseamonkeyMatch1.1.7

mozillaseamonkeyMatch1.1.8

mozillaseamonkeyMatch1.1.9

mozillaseamonkeyMatch1.1.10

mozillaseamonkeyMatch1.1.11

mozillaseamonkeyMatch1.1.12

mozillaseamonkeyMatch1.1.13

mozillaseamonkeyMatch1.1.15

mozillathunderbirdRange≤2.0.0.19

mozillathunderbirdMatch0.1

mozillathunderbirdMatch0.2

mozillathunderbirdMatch0.3

mozillathunderbirdMatch0.4

mozillathunderbirdMatch0.5

mozillathunderbirdMatch0.6

mozillathunderbirdMatch0.7

mozillathunderbirdMatch0.7.1

mozillathunderbirdMatch0.7.2

mozillathunderbirdMatch0.7.3

mozillathunderbirdMatch0.8

mozillathunderbirdMatch0.9

mozillathunderbirdMatch1.0

mozillathunderbirdMatch1.0.1

mozillathunderbirdMatch1.0.2

mozillathunderbirdMatch1.0.3

mozillathunderbirdMatch1.0.4

mozillathunderbirdMatch1.0.5

mozillathunderbirdMatch1.0.5beta

mozillathunderbirdMatch1.0.6

mozillathunderbirdMatch1.0.7

mozillathunderbirdMatch1.0.8

mozillathunderbirdMatch1.5

mozillathunderbirdMatch1.5beta2

mozillathunderbirdMatch1.5.0.1

mozillathunderbirdMatch1.5.0.2

mozillathunderbirdMatch1.5.0.3

mozillathunderbirdMatch1.5.0.4

mozillathunderbirdMatch1.5.0.5

mozillathunderbirdMatch1.5.0.6

mozillathunderbirdMatch1.5.0.7

mozillathunderbirdMatch1.5.0.8

mozillathunderbirdMatch1.5.0.9

mozillathunderbirdMatch1.5.0.10

mozillathunderbirdMatch1.5.0.11

mozillathunderbirdMatch1.5.0.12

mozillathunderbirdMatch1.5.0.13

mozillathunderbirdMatch1.5.0.14

mozillathunderbirdMatch1.5.1

mozillathunderbirdMatch1.5.2

mozillathunderbirdMatch1.7.1

mozillathunderbirdMatch1.7.3

mozillathunderbirdMatch2.0.0.0

mozillathunderbirdMatch2.0.0.1

mozillathunderbirdMatch2.0.0.2

mozillathunderbirdMatch2.0.0.3

mozillathunderbirdMatch2.0.0.4

mozillathunderbirdMatch2.0.0.5

mozillathunderbirdMatch2.0.0.6

mozillathunderbirdMatch2.0.0.7

mozillathunderbirdMatch2.0.0.8

mozillathunderbirdMatch2.0.0.9

mozillathunderbirdMatch2.0.0.11

mozillathunderbirdMatch2.0.0.12

mozillathunderbirdMatch2.0.0.13

mozillathunderbirdMatch2.0.0.14

mozillathunderbirdMatch2.0.0.15

mozillathunderbirdMatch2.0.0.16

mozillathunderbirdMatch2.0.0.17

mozillathunderbirdMatch2.0.0.18

mozillathunderbirdMatch2.0_.4

mozillathunderbirdMatch2.0_.5

mozillathunderbirdMatch2.0_.6

mozillathunderbirdMatch2.0_.9

mozillathunderbirdMatch2.0_.12

mozillathunderbirdMatch2.0_.13

mozillathunderbirdMatch2.0_.14

mozillathunderbirdMatch2.0_8

References

osvdb.org/55160

research.microsoft.com/apps/pubs/default.aspx?id=79323

research.microsoft.com/pubs/79323/pbp-final-with-update.pdf

secunia.com/advisories/35331

secunia.com/advisories/35415

secunia.com/advisories/35431

secunia.com/advisories/35439

secunia.com/advisories/35440

secunia.com/advisories/35468

secunia.com/advisories/35536

secunia.com/advisories/35561

secunia.com/advisories/35602

secunia.com/advisories/35882

slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468

slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408

sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1

www.debian.org/security/2009/dsa-1820

www.debian.org/security/2009/dsa-1830

www.mandriva.com/security/advisories?name=MDVSA-2009:141

www.mozilla.org/security/announce/2009/mfsa2009-27.html

www.redhat.com/support/errata/RHSA-2009-1126.html

www.securityfocus.com/bid/35326

www.securityfocus.com/bid/35380

www.securitytracker.com/id?1022396

www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275

www.ubuntu.com/usn/usn-782-1

www.vupen.com/english/advisories/2009/1572

bugzilla.mozilla.org/show_bug.cgi?id=479880

bugzilla.redhat.com/show_bug.cgi?id=503578

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11764

rhn.redhat.com/errata/RHSA-2009-1095.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html

www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html

www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html

www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.6%

JSON

Related for NVD:CVE-2009-1836

cve1 checkpoint_advisories1 cvelist1 veracode1 securityvulns2 prion1 ubuntucve1 mozilla1 openvas66 fedora41 nessus37 debian2 freebsd1 suse1 ubuntu2 redhat2 centos2 osv2 oraclelinux1 gentoo1