Description
Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/35411
Vendor Advisory x_refsource_misc
http://research.microsoft.com/apps/pubs/default.aspx?id=79323
Scores
EPSS
0.0220
EPSS Percentile
80.2%
Details
CWE
CWE-287
Status
published
Products (41)
microsoft/ie
5.0 sp1 (2 CPE variants)
microsoft/ie
5.22
microsoft/ie
6.0 sp1 (2 CPE variants)
microsoft/internet_explorer
3.0
microsoft/internet_explorer
3.0.1
microsoft/internet_explorer
3.0.2
microsoft/internet_explorer
3.1
microsoft/internet_explorer
3.2
microsoft/internet_explorer
4.0
microsoft/internet_explorer
4.0.1 (3 CPE variants)
... and 31 more
Published
Jun 15, 2009
Tracked Since
Feb 18, 2026