CVE-2009-2059

Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

Published: Jun 15, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-2059
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
opera / opera_browser	7.23	7.23.x
opera / opera_browser	9.02	9.02.x
opera / opera_browser	7.53	7.53.x
opera / opera_browser	8.50	8.50.x
opera / opera_browser	8.53	8.53.x
opera / opera_browser	9.12	9.12.x
opera / opera_browser	8.0	8.0.x
opera / opera_browser	-	9.22.x
opera / opera_browser	8.54	8.54.x
opera / opera_browser	8.02	8.02.x
opera / opera_browser	9.20	9.20.x
opera / opera_browser	9.21	9.21.x
opera / opera_browser	8.51	8.51.x
opera / opera_browser	7.60	7.60.x
opera / opera_browser	7.54	7.54.x
opera / opera_browser	9.01	9.01.x
opera / opera_browser	9.0	9.0.x
opera / opera_browser	9.10	9.10.x
opera / opera_browser	8.52	8.52.x
opera / opera_browser	8.01	8.01.x
opera / opera_browser	7.0	7.0.x

Vulnerability Database

289,697

CVE-2009-2059