CVE-2009-2057

CWE-287Improper Authentication3 documents3 sources
Severity
5.8MEDIUM
EPSS
9.2%
top 7.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedJun 15
Latest updateMay 2

Description

Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages2 packages

NVDmicrosoft/internet_explorer71 versions+70
NVDmicrosoft/ie5.0, 5.22, 6.0+2

🔴Vulnerability Details

2
GHSA
GHSA-875j-h634-3xpp: Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT respons2022-05-02
CVEList
CVE-2009-2057: Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT respons2009-06-15
CVE-2009-2057 (MEDIUM CVSS 5.8) | Microsoft Internet Explorer before | cvebase.io