| Max CVSS | 9.3 | Min CVSS | 5.4 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2009-2057 | 5.8 |
Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by m
|
23-07-2021 - 15:06 | 15-06-2009 - 19:30 | |
| CVE-2009-2069 | 5.8 |
Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a vali
|
23-07-2021 - 15:06 | 15-06-2009 - 19:30 | |
| CVE-2009-2064 | 6.8 |
Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by mod
|
30-10-2018 - 16:26 | 15-06-2009 - 19:30 | |
| CVE-2009-2067 | 6.8 |
Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that re
|
30-10-2018 - 16:26 | 15-06-2009 - 19:30 | |
| CVE-2009-2059 | 6.8 |
Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying
|
30-10-2018 - 16:26 | 15-06-2009 - 19:30 | |
| CVE-2009-1836 | 6.8 |
Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attacke
|
30-10-2018 - 16:25 | 12-06-2009 - 21:30 | |
| CVE-2009-2065 | 6.8 |
Mozilla Firefox 3.0.10, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying
|
17-08-2017 - 01:30 | 15-06-2009 - 19:30 | |
| CVE-2009-2058 | 6.8 |
Apple Safari before 3.2.2 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying th
|
17-08-2017 - 01:30 | 15-06-2009 - 19:30 | |
| CVE-2009-2061 | 9.3 |
Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify
|
17-08-2017 - 01:30 | 15-06-2009 - 19:30 | |
| CVE-2009-2060 | 5.8 |
src/net/http/http_transaction_winhttp.cc in Google Chrome before 1.0.154.53 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attacke
|
17-08-2017 - 01:30 | 15-06-2009 - 19:30 | |
| CVE-2009-2066 | 6.8 |
Apple Safari detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe
|
17-08-2017 - 01:30 | 15-06-2009 - 19:30 | |
| CVE-2009-2063 | 6.8 |
Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify
|
17-08-2017 - 01:30 | 15-06-2009 - 19:30 | |
| CVE-2009-2062 | 6.8 |
Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 3
|
17-08-2017 - 01:30 | 15-06-2009 - 19:30 | |
| CVE-2009-2068 | 5.8 |
Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe
|
17-08-2017 - 01:30 | 15-06-2009 - 19:30 | |
| CVE-2009-2070 | 6.8 |
Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site du
|
07-06-2012 - 16:12 | 15-06-2009 - 19:30 | |
| CVE-2009-2072 | 5.4 |
Apple Safari does not require a cached certificate before displaying a lock icon for an https web site, which allows man-in-the-middle attackers to spoof an arbitrary https site by sending the browser a crafted (1) 4xx or (2) 5xx CONNECT response pag
|
23-06-2009 - 05:33 | 15-06-2009 - 19:30 | |
| CVE-2009-2071 | 6.8 |
Google Chrome before 1.0.154.53 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid cer
|
23-06-2009 - 05:33 | 15-06-2009 - 19:30 |