Description
Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
References (2)
Core 2
Core References
Exploit x_refsource_misc
http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf
Vendor Advisory x_refsource_misc
http://research.microsoft.com/apps/pubs/default.aspx?id=79323
Scores
EPSS
0.0303
EPSS Percentile
85.8%
Details
CWE
CWE-287
Status
published
Products (41)
microsoft/ie
5.0 sp1 (2 CPE variants)
microsoft/ie
5.22
microsoft/ie
6.0 sp1 (2 CPE variants)
microsoft/internet_explorer
3.0
microsoft/internet_explorer
3.0.1
microsoft/internet_explorer
3.0.2
microsoft/internet_explorer
3.1
microsoft/internet_explorer
3.2
microsoft/internet_explorer
4.0
microsoft/internet_explorer
4.0.1 (3 CPE variants)
... and 31 more
Published
Jun 15, 2009
Tracked Since
Feb 18, 2026