Home

CVE-2009-2070

Description

Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.

Risk Information

Base Score
4.7
MODERATE
Vector
AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.143

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities affected in Opera 9.22Windows
Multiple vulnerabilities affected in Opera 9.22 (For Ubuntu)Linux
Multiple vulnerabilities affected in Opera 9.22 (For Debian)Linux
Multiple vulnerabilities affected in Opera 9.22 (For Centos)Linux
Multiple vulnerabilities affected in Opera 9.22 (For RedHat)Linux
Multiple vulnerabilities affected in Opera 9.22 (For Suse)Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234