CVE-2009-2059

Description

Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an SSL tampering attack.

Risk Information

Base Score

6.5

MODERATE

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N

EPSS Score

Exploitation Probability

0.235

Associated Vulnerability

Vulnerability	OS Platform
Multiple vulnerabilities affected in Opera 9.22	Windows
Multiple vulnerabilities affected in Opera 9.22 (For Ubuntu)	Linux
Multiple vulnerabilities affected in Opera 9.22 (For Debian)	Linux
Multiple vulnerabilities affected in Opera 9.22 (For Centos)	Linux
Multiple vulnerabilities affected in Opera 9.22 (For RedHat)	Linux
Multiple vulnerabilities affected in Opera 9.22 (For Suse)	Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234