CyberSec.Space Logo
CVEブラウザに戻る

CVE-2009-2070

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.1720%
EPSS Percentile24.87th
Published2009年6月15日
Last Modified2026年4月23日

Vulnerability Description

Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.

Affected Platforms (CPE)

📦
Opera

Opera Browser

All versions

References & Advisories

🔗 http://research.microsoft.com/apps/pubs/default.aspx?id=79323
🔗 http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf
🔗 http://www.securityfocus.com/bid/35411
🔗 http://research.microsoft.com/apps/pubs/default.aspx?id=79323
🔗 http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf
🔗 http://www.securityfocus.com/bid/35411

関連する脆弱性情報

CVE-2007-20226.8

Adobe Macromedia Flash Player 7 and 9, when used with Opera before 9.20 or Konqueror before 20070613, allows remote attackers to o...

CVE-2018-125876.1

A cross-site scripting (XSS) vulnerability was found in valeuraddons German Spelling Dictionary v1.3 (an Opera Browser add-on). In...

CVE-2003-10175.0

Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such...

CVE-2004-22605.0

Opera Browser 7.23, and other versions before 7.50, updates the address bar as soon as the user clicks a link, which allows remote...