6.8
CVE-2009-2064
- EPSS 18.53%
- Published 15.06.2009 19:30:05
- Last modified 09.04.2025 00:30:58
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Internet Explorer Updatebeta2 Version <= 8
Microsoft ≫ Internet Explorer Version5
Microsoft ≫ Internet Explorer Version5.01 Updatesp4
Microsoft ≫ Internet Explorer Version6
Microsoft ≫ Internet Explorer Version6 Updatesp1
Microsoft ≫ Internet Explorer Version6 Updatesp2
Microsoft ≫ Internet Explorer Version7
Microsoft ≫ Internet Explorer Version7.0.5730
Microsoft ≫ Internet Explorer Version8
Microsoft ≫ Internet Explorer Version8 Updatebeta1
Microsoft ≫ Internet Explorer Version8.0b
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 18.53% | 0.947 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.