Max CVSS 9.3 Min CVSS 5.4 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2009-2057 5.8
Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by m
23-07-2021 - 15:06 15-06-2009 - 19:30
CVE-2009-2069 5.8
Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a vali
23-07-2021 - 15:06 15-06-2009 - 19:30
CVE-2009-2064 6.8
Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by mod
30-10-2018 - 16:26 15-06-2009 - 19:30
CVE-2009-2067 6.8
Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that re
30-10-2018 - 16:26 15-06-2009 - 19:30
CVE-2009-2059 6.8
Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying
30-10-2018 - 16:26 15-06-2009 - 19:30
CVE-2009-1836 6.8
Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attacke
30-10-2018 - 16:25 12-06-2009 - 21:30
CVE-2009-2065 6.8
Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying
17-08-2017 - 01:30 15-06-2009 - 19:30
CVE-2009-2058 6.8
Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying th
17-08-2017 - 01:30 15-06-2009 - 19:30
CVE-2009-2061 9.3
Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify
17-08-2017 - 01:30 15-06-2009 - 19:30
CVE-2009-2060 5.8
src/net/http/http_transaction_winhttp.cc in Google Chrome before 1.0.154.53 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attacke
17-08-2017 - 01:30 15-06-2009 - 19:30
CVE-2009-2066 6.8
Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe
17-08-2017 - 01:30 15-06-2009 - 19:30
CVE-2009-2063 6.8
Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify
17-08-2017 - 01:30 15-06-2009 - 19:30
CVE-2009-2062 6.8
Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 3
17-08-2017 - 01:30 15-06-2009 - 19:30
CVE-2009-2068 5.8
Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe
17-08-2017 - 01:30 15-06-2009 - 19:30
CVE-2009-2070 6.8
Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site du
07-06-2012 - 16:12 15-06-2009 - 19:30
CVE-2009-2072 5.4
Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response pag
23-06-2009 - 05:33 15-06-2009 - 19:30
CVE-2009-2071 6.8
Google Chrome before 1.0.154.53 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid cer
23-06-2009 - 05:33 15-06-2009 - 19:30
Back to Top Mark selected
Back to Top