CVE-2009-2071
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Google Chrome before 1.0.154.53 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.
Google Chrome anteriores a v1.0.154.53 muestra un certificado cacheado para una página de respuesta de CONEXIÓN (1) 4xx o (2) 5xx a través de un servidor proxy, lo que permite a un atacante "hombre en el medio" suplantar un sitio https permitiendo a un navegador obtener certificados válidos desde este sitio durante una petición, y enviando al navegador una página de respuesta 502 manipulada sobre una subsiguiente petición.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-06-15 CVE Reserved
- 2009-06-15 CVE Published
- 2023-12-14 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
http://code.google.com/p/chromium/issues/detail?id=7338 | X_refsource_misc | |
http://code.google.com/p/chromium/issues/detail?id=8473 | X_refsource_misc | |
http://research.microsoft.com/apps/pubs/default.aspx?id=79323 | X_refsource_misc | |
http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf | X_refsource_misc | |
http://src.chromium.org/viewvc/chrome?view=rev&revision=11669 | X_refsource_confirm | |
http://www.securityfocus.com/bid/35411 | Vdb Entry | |
https://bugzilla.mozilla.org/show_bug.cgi?id=479880 | X_refsource_misc |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | <= 1.0.154.52 Search vendor "Google" for product "Chrome" and version " <= 1.0.154.52" | - |
Affected
| ||||||
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 0.2.149.29 Search vendor "Google" for product "Chrome" and version "0.2.149.29" | - |
Affected
| ||||||
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 0.2.149.30 Search vendor "Google" for product "Chrome" and version "0.2.149.30" | - |
Affected
| ||||||
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 0.2.152.1 Search vendor "Google" for product "Chrome" and version "0.2.152.1" | - |
Affected
| ||||||
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 0.2.153.1 Search vendor "Google" for product "Chrome" and version "0.2.153.1" | - |
Affected
| ||||||
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 0.3.154.0 Search vendor "Google" for product "Chrome" and version "0.3.154.0" | - |
Affected
| ||||||
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 0.3.154.3 Search vendor "Google" for product "Chrome" and version "0.3.154.3" | - |
Affected
| ||||||
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 0.4.154.18 Search vendor "Google" for product "Chrome" and version "0.4.154.18" | - |
Affected
| ||||||
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 0.4.154.22 Search vendor "Google" for product "Chrome" and version "0.4.154.22" | - |
Affected
| ||||||
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 0.4.154.31 Search vendor "Google" for product "Chrome" and version "0.4.154.31" | - |
Affected
| ||||||
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 0.4.154.33 Search vendor "Google" for product "Chrome" and version "0.4.154.33" | - |
Affected
| ||||||
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 1.0.154.36 Search vendor "Google" for product "Chrome" and version "1.0.154.36" | - |
Affected
| ||||||
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 1.0.154.39 Search vendor "Google" for product "Chrome" and version "1.0.154.39" | - |
Affected
| ||||||
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 1.0.154.42 Search vendor "Google" for product "Chrome" and version "1.0.154.42" | - |
Affected
| ||||||
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 1.0.154.43 Search vendor "Google" for product "Chrome" and version "1.0.154.43" | - |
Affected
| ||||||
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 1.0.154.46 Search vendor "Google" for product "Chrome" and version "1.0.154.46" | - |
Affected
|