5.8

CVE-2009-2069

EPSS 2.95%
Published 15.06.2009 19:30:05
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Ie Version5.0 Updatesp1

Microsoft ≫ Ie Version5.0 Updatesp4

Microsoft ≫ Ie Version5.22

Microsoft ≫ Ie Version6.0 Updatesp1

Microsoft ≫ Ie Version6.0 Updatesp2

Microsoft ≫ Internet Explorer Version3.0

Microsoft ≫ Internet Explorer Version3.0.1

Microsoft ≫ Internet Explorer Version3.0.2

Microsoft ≫ Internet Explorer Version3.1

Microsoft ≫ Internet Explorer Version3.2

Microsoft ≫ Internet Explorer Version4.0

Microsoft ≫ Internet Explorer Version4.0.1

Microsoft ≫ Internet Explorer Version4.0.1 Updatesp1

Microsoft ≫ Internet Explorer Version4.0.1 Updatesp2

Microsoft ≫ Internet Explorer Version4.01

Microsoft ≫ Internet Explorer Version4.1

Microsoft ≫ Internet Explorer Version4.01 Updatesp1

Microsoft ≫ Internet Explorer Version4.5

Microsoft ≫ Internet Explorer Version4.40.308

Microsoft ≫ Internet Explorer Version4.40.520

Microsoft ≫ Internet Explorer Version4.70.1155

Microsoft ≫ Internet Explorer Version4.70.1158

Microsoft ≫ Internet Explorer Version4.70.1215

Microsoft ≫ Internet Explorer Version4.70.1300

Microsoft ≫ Internet Explorer Version4.71.544

Microsoft ≫ Internet Explorer Version4.71.1008.3

Microsoft ≫ Internet Explorer Version4.71.1712.6

Microsoft ≫ Internet Explorer Version4.72.2106.8

Microsoft ≫ Internet Explorer Version4.72.3110.8

Microsoft ≫ Internet Explorer Version4.72.3612.1713

Microsoft ≫ Internet Explorer Version5

Microsoft ≫ Internet Explorer Version5.0

Microsoft ≫ Internet Explorer Version5.0.1

Microsoft ≫ Internet Explorer Version5.0.1 Updatesp1

Microsoft ≫ Internet Explorer Version5.0.1 Updatesp2

Microsoft ≫ Internet Explorer Version5.0.1 Updatesp3

Microsoft ≫ Internet Explorer Version5.0.1 Updatesp4

Microsoft ≫ Internet Explorer Version5.00.0518.10

Microsoft ≫ Internet Explorer Version5.00.0910.1309

Microsoft ≫ Internet Explorer Version5.00.2014.0216

Microsoft ≫ Internet Explorer Version5.00.2314.1003

Microsoft ≫ Internet Explorer Version5.00.2614.3500

Microsoft ≫ Internet Explorer Version5.00.2919.800

Microsoft ≫ Internet Explorer Version5.00.2919.3800

Microsoft ≫ Internet Explorer Version5.00.2919.6307

Microsoft ≫ Internet Explorer Version5.00.2920.0000

Microsoft ≫ Internet Explorer Version5.00.3103.1000

Microsoft ≫ Internet Explorer Version5.00.3105.0106

Microsoft ≫ Internet Explorer Version5.00.3314.2101

Microsoft ≫ Internet Explorer Version5.00.3315.1000

Microsoft ≫ Internet Explorer Version5.00.3502.1000

Microsoft ≫ Internet Explorer Version5.00.3700.1000

Microsoft ≫ Internet Explorer Version5.01

Microsoft ≫ Internet Explorer Version5.1

Microsoft ≫ Internet Explorer Version5.01 Updatesp1

Microsoft ≫ Internet Explorer Version5.01 Updatesp2

Microsoft ≫ Internet Explorer Version5.01 Updatesp3

Microsoft ≫ Internet Explorer Version5.01 Updatesp4

Microsoft ≫ Internet Explorer Version5.2.3

Microsoft ≫ Internet Explorer Version5.5

Microsoft ≫ Internet Explorer Version5.5 Updatepreview

Microsoft ≫ Internet Explorer Version5.5 Updatesp1

Microsoft ≫ Internet Explorer Version5.5 Updatesp2

Microsoft ≫ Internet Explorer Version5.50.3825.1300

Microsoft ≫ Internet Explorer Version5.50.4030.2400

Microsoft ≫ Internet Explorer Version5.50.4134.0600

Microsoft ≫ Internet Explorer Version5.50.4308.2900

Microsoft ≫ Internet Explorer Version5.50.4522.1800

Microsoft ≫ Internet Explorer Version5.50.4807.2300

Microsoft ≫ Internet Explorer Version6

Microsoft ≫ Internet Explorer Version6 Updatesp1

Microsoft ≫ Internet Explorer Version6.0

Microsoft ≫ Internet Explorer Version6.00.2462.0000

Microsoft ≫ Internet Explorer Version6.00.2479.0006

Microsoft ≫ Internet Explorer Version6.0.2600

Microsoft ≫ Internet Explorer Version6.0.2800

Microsoft ≫ Internet Explorer Version6.0.2800.1106

Microsoft ≫ Internet Explorer Version6.00.2800.1106

Microsoft ≫ Internet Explorer Version6.0.2900

Microsoft ≫ Internet Explorer Version6.0.2900.2180

Microsoft ≫ Internet Explorer Version6.00.2900.2180

Microsoft ≫ Internet Explorer Version6.00.3663.0000

Microsoft ≫ Internet Explorer Version6.00.3790.0000

Microsoft ≫ Internet Explorer Version6.00.3790.1830

Microsoft ≫ Internet Explorer Version6.00.3790.3959

Microsoft ≫ Internet Explorer Version7

Microsoft ≫ Internet Explorer Version7.0

Microsoft ≫ Internet Explorer Version7.0 Updatebeta

Microsoft ≫ Internet Explorer Version7.0 Updatebeta1

Microsoft ≫ Internet Explorer Version7.0 Updatebeta3

Microsoft ≫ Internet Explorer Version7.0.5730.11

Microsoft ≫ Internet Explorer Version7.00.5730.1100

Microsoft ≫ Internet Explorer Version7.00.6000.16386

Microsoft ≫ Internet Explorer Version7.00.6000.16441

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.95%	0.852

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://research.microsoft.com/apps/pubs/default.aspx?id=79323

http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf

http://www.securityfocus.com/bid/35411

https://nvd.nist.gov/vuln/detail/CVE-2009-2069

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2069

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2069

EUVD