Lucene search

PRIOn knowledge basePRION:CVE-2009-2059

HistoryJun 15, 2009 - 7:30 p.m.

Hardcoded credentials

2009-06-1519:30:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

54.8%

JSON

Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an “SSL tampering” attack.

CPENameOperatorVersion
opera_browsereq7.23
opera_browsereq9.02
opera_browsereq7.53
opera_browsereq8.50
opera_browsereq8.53
opera_browsereq9.12
opera_browsereq8.0
opera_browserle9.22
opera_browsereq8.54
opera_browsereq8.02

Name	Operator	Version
opera_browser	eq	7.23
opera_browser	eq	9.02
opera_browser	eq	7.53
opera_browser	eq	8.50
opera_browser	eq	8.53
opera_browser	eq	9.12
opera_browser	eq	8.0
opera_browser	le	9.22
opera_browser	eq	8.54
opera_browser	eq	8.02

Rows per page:

1-10 of 211

References

research.microsoft.com/apps/pubs/default.aspx?id=79323

research.microsoft.com/pubs/79323/pbp-final-with-update.pdf

7.3 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

54.8%

JSON

Related for PRION:CVE-2009-2059