CVE-2009-2070

Loading...

General

Score:6.8/10.0
Severity:Medium
Category:Access Control Error
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Published on 15/06/09 - Updated on 07/06/12

Description

Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.

Category: Access Control Error

CWE-287 (Authentication Issues)
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Security Notices

US National Vulnerability DatabaseCVE-2009-2070

Exploits

SecurityFocusBID-35411

Relative technologies

VendorProduct
operaopera_browser

Share this vulnerability with:

Twitter Facebook LinkedIn Mail