CVE-2009-2070
Opera Browser - Certificate Spoofing via Cached Proxy Response
Title source: llmDescription
Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_misc
http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/35411
Vendor Advisory x_refsource_misc
http://research.microsoft.com/apps/pubs/default.aspx?id=79323
Scores
EPSS
0.0014
EPSS Percentile
34.0%
Details
CWE
CWE-287
Status
published
Products (1)
opera/opera_browser
Published
Jun 15, 2009
Tracked Since
Feb 18, 2026