Web Scripting Vulnerability in Microsoft Internet Explorer
CVE-2009-2057

Currently unrated

Key Information:

Vendor: Microsoft
Status: Ie; Internet Explorer
Vendor: CVE Published:; 15 June 2009

Summary

Microsoft Internet Explorer versions prior to 8 are vulnerable due to their reliance on the HTTP Host header in interpreting the context of documents from a proxy server's 4xx or 5xx CONNECT response. This flaw can be exploited by malicious actors in man-in-the-middle attacks, enabling them to alter the CONNECT response and execute arbitrary web scripts. As a result, users may unknowingly execute malicious code, compromising their security while browsing the web.

References

http://research.microsoft.com/pubs/79323/pbp-final-with-u...

x_refsource_MISC

http://research.microsoft.com/apps/pubs/default.aspx?id=7...

x_refsource_MISC

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jun 15, 2009