 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2009-2063 |
| Description: | Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site. |
| Test IDs: | None available |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-2063 BugTraq ID: 35412 http://www.securityfocus.com/bid/35412 http://research.microsoft.com/apps/pubs/default.aspx?id=79323 http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf XForce ISS Database: opera-httpconnect-code-execution(51204) https://exchange.xforce.ibmcloud.com/vulnerabilities/51204 |