4 matches found
CVE-2009-2059
Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a 1 4xx or 2 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" atta...
Gentoo Security Advisory GLSA 201206-03 (Opera)
The remote host is missing updates announced in advisory GLSA 201206-03. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
openSUSE Security Update : opera (opera-1261)
Opera version 10 includes at least security fixes for an XML denial-of-service bug CVE-2009-1234 and the 'SSL tampering' attack CVE-2009-2059, CVE-2009-2063, CVE-2009-2067, CVE-2009-2070. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
CVE-2009-2059
Opera, possibly before 9.25, is affected by an SSL-tampering vulnerability where the HTTP Host header is used to determine the context of a document in certain 4xx/5xx CONNECT responses from a proxy. This enables a man-in-the-middle to inject arbitrary web script by modifying the CONNECT response...