// For flags

CVE-2009-2060

 

Severity Score

5.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

src/net/http/http_transaction_winhttp.cc in Google Chrome before 1.0.154.53 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

src/net/http/http_transaction_winhttp.cc en Google Chrome anteriores a v1.0.154.53 utiliza una cabecera Host HTTP para determinar el contexto de un documento proporcionado en una respuesta de CONEXIÓN (1) 4xx o (2) 5xx desde un servidor proxy, lo que permite a los atacantes "hombre en el medio" ejecutar arbitrariamente una secuencia de comando web modificando esta respuesta de CONEXIÓN, también conocida como un ataque "forzado SSL"

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-06-15 CVE Reserved
  • 2009-06-15 CVE Published
  • 2023-12-14 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Google
Search vendor "Google"
Chrome
Search vendor "Google" for product "Chrome"
<= 1.0.154.52
Search vendor "Google" for product "Chrome" and version " <= 1.0.154.52"
-
Affected
Google
Search vendor "Google"
Chrome
Search vendor "Google" for product "Chrome"
0.2.149.29
Search vendor "Google" for product "Chrome" and version "0.2.149.29"
-
Affected
Google
Search vendor "Google"
Chrome
Search vendor "Google" for product "Chrome"
0.2.149.30
Search vendor "Google" for product "Chrome" and version "0.2.149.30"
-
Affected
Google
Search vendor "Google"
Chrome
Search vendor "Google" for product "Chrome"
0.2.152.1
Search vendor "Google" for product "Chrome" and version "0.2.152.1"
-
Affected
Google
Search vendor "Google"
Chrome
Search vendor "Google" for product "Chrome"
0.2.153.1
Search vendor "Google" for product "Chrome" and version "0.2.153.1"
-
Affected
Google
Search vendor "Google"
Chrome
Search vendor "Google" for product "Chrome"
0.3.154.0
Search vendor "Google" for product "Chrome" and version "0.3.154.0"
-
Affected
Google
Search vendor "Google"
Chrome
Search vendor "Google" for product "Chrome"
0.3.154.3
Search vendor "Google" for product "Chrome" and version "0.3.154.3"
-
Affected
Google
Search vendor "Google"
Chrome
Search vendor "Google" for product "Chrome"
0.4.154.18
Search vendor "Google" for product "Chrome" and version "0.4.154.18"
-
Affected
Google
Search vendor "Google"
Chrome
Search vendor "Google" for product "Chrome"
0.4.154.22
Search vendor "Google" for product "Chrome" and version "0.4.154.22"
-
Affected
Google
Search vendor "Google"
Chrome
Search vendor "Google" for product "Chrome"
0.4.154.31
Search vendor "Google" for product "Chrome" and version "0.4.154.31"
-
Affected
Google
Search vendor "Google"
Chrome
Search vendor "Google" for product "Chrome"
0.4.154.33
Search vendor "Google" for product "Chrome" and version "0.4.154.33"
-
Affected
Google
Search vendor "Google"
Chrome
Search vendor "Google" for product "Chrome"
1.0.154.36
Search vendor "Google" for product "Chrome" and version "1.0.154.36"
-
Affected
Google
Search vendor "Google"
Chrome
Search vendor "Google" for product "Chrome"
1.0.154.39
Search vendor "Google" for product "Chrome" and version "1.0.154.39"
-
Affected
Google
Search vendor "Google"
Chrome
Search vendor "Google" for product "Chrome"
1.0.154.42
Search vendor "Google" for product "Chrome" and version "1.0.154.42"
-
Affected
Google
Search vendor "Google"
Chrome
Search vendor "Google" for product "Chrome"
1.0.154.43
Search vendor "Google" for product "Chrome" and version "1.0.154.43"
-
Affected
Google
Search vendor "Google"
Chrome
Search vendor "Google" for product "Chrome"
1.0.154.46
Search vendor "Google" for product "Chrome" and version "1.0.154.46"
-
Affected