5.8

CVE-2009-2057

Exploit

EPSS 11.95%
Veröffentlicht 15.06.2009 19:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Ie Version5.0 Updatesp1

Microsoft ≫ Ie Version5.0 Updatesp4

Microsoft ≫ Ie Version5.22

Microsoft ≫ Ie Version6.0 Updatesp1

Microsoft ≫ Ie Version6.0 Updatesp2

Microsoft ≫ Internet Explorer Version3.0

Microsoft ≫ Internet Explorer Version3.0.1

Microsoft ≫ Internet Explorer Version3.0.2

Microsoft ≫ Internet Explorer Version3.1

Microsoft ≫ Internet Explorer Version3.2

Microsoft ≫ Internet Explorer Version4.0

Microsoft ≫ Internet Explorer Version4.0.1

Microsoft ≫ Internet Explorer Version4.0.1 Updatesp1

Microsoft ≫ Internet Explorer Version4.0.1 Updatesp2

Microsoft ≫ Internet Explorer Version4.01

Microsoft ≫ Internet Explorer Version4.1

Microsoft ≫ Internet Explorer Version4.01 Updatesp1

Microsoft ≫ Internet Explorer Version4.5

Microsoft ≫ Internet Explorer Version4.40.308

Microsoft ≫ Internet Explorer Version4.40.520

Microsoft ≫ Internet Explorer Version4.70.1155

Microsoft ≫ Internet Explorer Version4.70.1158

Microsoft ≫ Internet Explorer Version4.70.1215

Microsoft ≫ Internet Explorer Version4.70.1300

Microsoft ≫ Internet Explorer Version4.71.544

Microsoft ≫ Internet Explorer Version4.71.1008.3

Microsoft ≫ Internet Explorer Version4.71.1712.6

Microsoft ≫ Internet Explorer Version4.72.2106.8

Microsoft ≫ Internet Explorer Version4.72.3110.8

Microsoft ≫ Internet Explorer Version4.72.3612.1713

Microsoft ≫ Internet Explorer Version5

Microsoft ≫ Internet Explorer Version5.0

Microsoft ≫ Internet Explorer Version5.0.1

Microsoft ≫ Internet Explorer Version5.0.1 Updatesp1

Microsoft ≫ Internet Explorer Version5.0.1 Updatesp2

Microsoft ≫ Internet Explorer Version5.0.1 Updatesp3

Microsoft ≫ Internet Explorer Version5.0.1 Updatesp4

Microsoft ≫ Internet Explorer Version5.00.0518.10

Microsoft ≫ Internet Explorer Version5.00.0910.1309

Microsoft ≫ Internet Explorer Version5.00.2014.0216

Microsoft ≫ Internet Explorer Version5.00.2314.1003

Microsoft ≫ Internet Explorer Version5.00.2614.3500

Microsoft ≫ Internet Explorer Version5.00.2919.800

Microsoft ≫ Internet Explorer Version5.00.2919.3800

Microsoft ≫ Internet Explorer Version5.00.2919.6307

Microsoft ≫ Internet Explorer Version5.00.2920.0000

Microsoft ≫ Internet Explorer Version5.00.3103.1000

Microsoft ≫ Internet Explorer Version5.00.3105.0106

Microsoft ≫ Internet Explorer Version5.00.3314.2101

Microsoft ≫ Internet Explorer Version5.00.3315.1000

Microsoft ≫ Internet Explorer Version5.00.3502.1000

Microsoft ≫ Internet Explorer Version5.00.3700.1000

Microsoft ≫ Internet Explorer Version5.01

Microsoft ≫ Internet Explorer Version5.1

Microsoft ≫ Internet Explorer Version5.01 Updatesp1

Microsoft ≫ Internet Explorer Version5.01 Updatesp2

Microsoft ≫ Internet Explorer Version5.01 Updatesp3

Microsoft ≫ Internet Explorer Version5.01 Updatesp4

Microsoft ≫ Internet Explorer Version5.2.3

Microsoft ≫ Internet Explorer Version5.5

Microsoft ≫ Internet Explorer Version5.5 Updatepreview

Microsoft ≫ Internet Explorer Version5.5 Updatesp1

Microsoft ≫ Internet Explorer Version5.5 Updatesp2

Microsoft ≫ Internet Explorer Version5.50.3825.1300

Microsoft ≫ Internet Explorer Version5.50.4030.2400

Microsoft ≫ Internet Explorer Version5.50.4134.0600

Microsoft ≫ Internet Explorer Version5.50.4308.2900

Microsoft ≫ Internet Explorer Version5.50.4522.1800

Microsoft ≫ Internet Explorer Version5.50.4807.2300

Microsoft ≫ Internet Explorer Version6

Microsoft ≫ Internet Explorer Version6 Updatesp1

Microsoft ≫ Internet Explorer Version6.0

Microsoft ≫ Internet Explorer Version6.00.2462.0000

Microsoft ≫ Internet Explorer Version6.00.2479.0006

Microsoft ≫ Internet Explorer Version6.0.2600

Microsoft ≫ Internet Explorer Version6.0.2800

Microsoft ≫ Internet Explorer Version6.0.2800.1106

Microsoft ≫ Internet Explorer Version6.00.2800.1106

Microsoft ≫ Internet Explorer Version6.0.2900

Microsoft ≫ Internet Explorer Version6.0.2900.2180

Microsoft ≫ Internet Explorer Version6.00.2900.2180

Microsoft ≫ Internet Explorer Version6.00.3663.0000

Microsoft ≫ Internet Explorer Version6.00.3790.0000

Microsoft ≫ Internet Explorer Version6.00.3790.1830

Microsoft ≫ Internet Explorer Version6.00.3790.3959

Microsoft ≫ Internet Explorer Version7

Microsoft ≫ Internet Explorer Version7.0

Microsoft ≫ Internet Explorer Version7.0 Updatebeta

Microsoft ≫ Internet Explorer Version7.0 Updatebeta1

Microsoft ≫ Internet Explorer Version7.0 Updatebeta3

Microsoft ≫ Internet Explorer Version7.0.5730.11

Microsoft ≫ Internet Explorer Version7.00.5730.1100

Microsoft ≫ Internet Explorer Version7.00.6000.16386

Microsoft ≫ Internet Explorer Version7.00.6000.16441

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	11.95%	0.931

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://research.microsoft.com/apps/pubs/default.aspx?id=79323

http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2009-2057

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2057

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2057

EUVD