exploits , vulnerabilities , articles , Multiple Browsers Web Proxy Redirect Handling Man In The Middle Vulnerability

Title	Multiple Browsers Web Proxy Redirect Handling Man In The Middle Vulnerability
Published	2009-05-01-12:00AM
Updated	2009-08-06-12:04AM
Class	Design Error
CVE	CVE-2009-2061 E-2009-2062CV 2009-2063
Remote	Yes
Local	No
Credit	Shuo Chen, Ziqing Mao, Yi-Min Wang, and Ming Zhang of Microsoft Security Research
Vulnerable	Opera Software Opera Web Browser 8.51 Opera Software Opera Web Browser 8.50 Opera Software Opera Web Browser 8.0.2 Opera Software Opera Web Browser 8.0 2 Opera Software Opera Web Browser 8.0 1 Opera Software Opera Web Browser 8.0 Opera Software Opera Web Browser 7.54 Opera Software Opera Web Browser 7.53 Opera Software Opera Web Browser 7.52 Opera Software Opera Web Browser 7.51 Opera Software Opera Web Browser 7.50 Opera Software Opera Web Browser 7.23 Opera Software Opera Web Browser 7.22 Opera Software Opera Web Browser 7.21 Opera Software Opera Web Browser 7.20 Beta 1 build 2981 Opera Software Opera Web Browser 7.20 Opera Software Opera Web Browser 7.11 j Opera Software Opera Web Browser 7.11 b Opera Software Opera Web Browser 7.11 Opera Software Opera Web Browser 7.10 Opera Software Opera Web Browser 7.0 win32 Beta 2 Opera Software Opera Web Browser 7.0 win32 Beta 1 Opera Software Opera Web Browser 7.0 win32 Opera Software Opera Web Browser 7.0 3win32 Opera Software Opera Web Browser 7.0 2win32 Opera Software Opera Web Browser 7.0 1win32 Opera Software Opera Web Browser 6.10 linux Opera Software Opera Web Browser 6.0.5 win32 Opera Software Opera Web Browser 6.0.4 win32 Opera Software Opera Web Browser 6.0.3 win32 Opera Software Opera Web Browser 6.0.3 linux Opera Software Opera Web Browser 6.0.2 win32 Opera Software Opera Web Browser 6.0.2 linux Opera Software Opera Web Browser 6.0.1 win32 Opera Software Opera Web Browser 6.0.1 linux Opera Software Opera Web Browser 6.0.1 Opera Software Opera Web Browser 6.0 win32 Opera Software Opera Web Browser 6.0 6 Opera Software Opera Web Browser 6.0 .6win32 Opera Software Opera Web Browser 6.0 Opera Software Opera Web Browser 5.12 win32 Microsoft Windows 2000 Professional SP3 Microsoft Windows 2000 Professional SP2 Microsoft Windows 2000 Professional SP1 Microsoft Windows 95 Microsoft Windows 98 SP1 Microsoft Windows 98 Microsoft Windows 98SE Microsoft Windows ME Microsoft Windows NT 4.0 SP6a Microsoft Windows NT 4.0 SP5 Microsoft Windows NT 4.0 SP4 Microsoft Windows NT 4.0 SP3 Microsoft Windows NT 4.0 SP2 Microsoft Windows NT 4.0 SP1 Microsoft Windows NT 4.0 Opera Software Opera Web Browser 5.12 Opera Software Opera Web Browser 5.1 1 win32 Microsoft Windows 2000 Professional Microsoft Windows 95 Microsoft Windows 98 Microsoft Windows NT 4.0 Opera Software Opera Web Browser 5.1 0 win32 Opera Software Opera Web Browser 5.0 Linux Opera Software Opera Web Browser 5.0 2 win32 Microsoft Windows 2000 Professional Microsoft Windows 95 Microsoft Windows 98 Microsoft Windows NT 4.0 Opera Software Opera Web Browser 5.0 Mac Opera Software Opera Web Browser 9.24 Opera Software Opera Web Browser 9.23 Opera Software Opera Web Browser 9.22 Opera Software Opera Web Browser 9.21 Opera Software Opera Web Browser 9.20 beta1 Opera Software Opera Web Browser 9.20 Opera Software Opera Web Browser 9.10 Opera Software Opera Web Browser 9.02 Opera Software Opera Web Browser 9.01 Opera Software Opera Web Browser 9 Opera Software Opera Web Browser 8.54 Opera Software Opera Web Browser 8.53 Opera Software Opera Web Browser 8.52 Opera Software Opera Web Browser 8 Beta 3 Mozilla Firefox 3.0.9 Mozilla Firefox 3.0.8 Mozilla Firefox 3.0.7 Beta Mozilla Firefox 3.0.7 Mozilla Firefox 3.0.6 Mozilla Firefox 3.0.5 Mozilla Firefox 3.0.4 Mozilla Firefox 3.0.3 Mozilla Firefox 3.0.2 Mozilla Firefox 3.0.1 Mozilla Firefox 2.0 8 Mozilla Firefox 2.0 20 Mozilla Firefox 2.0 17 Mozilla Firefox 2.0 16 Mozilla Firefox 2.0 .9 Mozilla Firefox 2.0 .7 Mozilla Firefox 2.0 .6 Mozilla Firefox 2.0 .5 Mozilla Firefox 2.0 .4 Mozilla Firefox 2.0 .3 Mozilla Firefox 2.0 .19 Mozilla Firefox 2.0 .10 Mozilla Firefox 2.0 .1 Mozilla Firefox 1.5 beta 2 Mozilla Firefox 1.5 beta 1 Mozilla Firefox 1.5 12 Mozilla Firefox 1.5 .8 Mozilla Firefox 1.5 .6 Mozilla Firefox 1.5 Mozilla Firefox 1.5 Mozilla Firefox 1.0.8 Mozilla Firefox 1.0.7 Mozilla Firefox 1.0.6 Mozilla Firefox 1.0.5 Mozilla Firefox 1.0.5 Mozilla Firefox 1.0.4 Mozilla Firefox 1.0.3 Mozilla Firefox 1.0.2 MandrakeSoft Linux Mandrake 10.2 x86_64 MandrakeSoft Linux Mandrake 10.2 MandrakeSoft Linux Mandrake 10.2 RedHat Desktop 4.0 RedHat Desktop 4.0 RedHat Enterprise Linux AS 4 RedHat Enterprise Linux AS 4 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 4 Mozilla Firefox 1.0.1 Mozilla Firefox 1.0 Mozilla Firefox 0.10.1 Mozilla Firefox 0.10 Mozilla Firefox 0.9.3 Mozilla Firefox 0.9.2 Mozilla Firefox 0.9.1 Mozilla Firefox 0.9 rc Mozilla Firefox 0.9 Mozilla Firefox 0.8 Mozilla Firefox 3.0 Beta 5 Mozilla Firefox 3.0 Mozilla Firefox 2.0.0.3 Mozilla Firefox 2.0.0.2 Mozilla Firefox 2.0.0.18 Mozilla Firefox 2.0.0.15 Mozilla Firefox 2.0.0.14 Mozilla Firefox 2.0.0.13 Mozilla Firefox 2.0.0.12 Mozilla Firefox 2.0.0.11 Mozilla Firefox 2.0.0.10 Mozilla Firefox 2.0.0.10 Mozilla Firefox 2.0 RC3 Mozilla Firefox 2.0 RC2 Mozilla Firefox 2.0 beta 1 Mozilla Firefox 2.0 Mozilla Firefox 1.5.0.9 Mozilla Firefox 1.5.0.7 Mozilla Firefox 1.5.0.6 Mozilla Firefox 1.5.0.5 Mozilla Firefox 1.5.0.4 Mozilla Firefox 1.5.0.3 Mozilla Firefox 1.5.0.2 Mozilla Firefox 1.5.0.2 Mozilla Firefox 1.5.0.11 Mozilla Firefox 1.5.0.11 Mozilla Firefox 1.5.0.10 Mozilla Firefox 1.5.0.1 MandrakeSoft Linux Mandrake 2009.1 x86_64 MandrakeSoft Linux Mandrake 2009.1 MandrakeSoft Linux Mandrake 2009.0 x86_64 MandrakeSoft Linux Mandrake 2009.0 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 Apple Safari 3.1.2 for Windows Apple Safari 3.1.2 Apple Safari 3.1.1 for Windows Apple Safari 3.1.1 Apple Safari 3.0.4 Beta for Windows Apple Safari 3.0.3 Apple Safari 3.0.3 Apple Safari 3.0.2 Beta for Windows Apple Safari 3.0.2 Beta Apple Safari 3.0.1 Beta for Windows Apple Safari 3.0.1 Beta Apple Safari 2.0.4 Apple Safari 2.0.3 Apple Safari 2.0.2 Apple Safari 2.0.1 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Safari 1.3.2 Apple Safari 1.3.1 Apple Safari 1.3 Apple Mac OS X 10.3.9 Apple Safari 1.2.3 Apple Safari 1.2.2 Apple Safari 1.2.1 Apple Safari 1.2 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3 Apple Mac OS X 10.3 Apple Mac OS X 10.2.8 Apple Mac OS X 10.2.8 Apple Mac OS X 10.2.7 Apple Mac OS X 10.2.7 Apple Mac OS X 10.2.6 Apple Mac OS X 10.2.6 Apple Mac OS X 10.2.5 Apple Mac OS X 10.2.5 Apple Mac OS X 10.2.4 Apple Mac OS X 10.2.4 Apple Mac OS X 10.2.3 Apple Mac OS X 10.2.3 Apple Mac OS X 10.2.2 Apple Mac OS X 10.2.2 Apple Mac OS X 10.2.1 Apple Mac OS X 10.2.1 Apple Mac OS X 10.2 Apple Mac OS X 10.2 Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X Server 10.3 Apple Mac OS X Server 10.2.8 Apple Mac OS X Server 10.2.8 Apple Mac OS X Server 10.2.7 Apple Mac OS X Server 10.2.7 Apple Mac OS X Server 10.2.6 Apple Mac OS X Server 10.2.6 Apple Mac OS X Server 10.2.5 Apple Mac OS X Server 10.2.5 Apple Mac OS X Server 10.2.4 Apple Mac OS X Server 10.2.4 Apple Mac OS X Server 10.2.3 Apple Mac OS X Server 10.2.3 Apple Mac OS X Server 10.2.2 Apple Mac OS X Server 10.2.2 Apple Mac OS X Server 10.2.1 Apple Mac OS X Server 10.2.1 Apple Mac OS X Server 10.2 Apple Mac OS X Server 10.2 Apple Safari 1.1 Apple Safari 1.0 Apple Mac OS X 10.2.8 Apple Mac OS X 10.2.8 Apple Mac OS X 10.2.7 Apple Mac OS X 10.2.7 Apple Mac OS X 10.2.6 Apple Mac OS X 10.2.6 Apple Mac OS X 10.2.5 Apple Mac OS X 10.2.5 Apple Mac OS X 10.2.4 Apple Mac OS X 10.2.4 Apple Mac OS X 10.2.3 Apple Mac OS X 10.2.3 Apple Mac OS X 10.2.2 Apple Mac OS X 10.2.2 Apple Mac OS X 10.2.1 Apple Mac OS X 10.2.1 Apple Mac OS X 10.2 Apple Mac OS X 10.2 Apple Mac OS X Server 10.2.8 Apple Mac OS X Server 10.2.7 Apple Mac OS X Server 10.2.7 Apple Mac OS X Server 10.2.6 Apple Mac OS X Server 10.2.6 Apple Mac OS X Server 10.2.5 Apple Mac OS X Server 10.2.5 Apple Mac OS X Server 10.2.4 Apple Mac OS X Server 10.2.4 Apple Mac OS X Server 10.2.3 Apple Mac OS X Server 10.2.3 Apple Mac OS X Server 10.2.2 Apple Mac OS X Server 10.2.2 Apple Mac OS X Server 10.2.1 Apple Mac OS X Server 10.2.1 Apple Mac OS X Server 10.2 Apple Mac OS X Server 10.2 Apple Safari 3.2 Apple Safari 3.1 for Windows Apple Safari 3.1 Apple Safari 3 Beta for Windows Apple Safari 3 Beta Apple Safari 3
Not Vulnerable	Opera Software Opera Web Browser 9.25 Mozilla Firefox 3.0.10 Apple Safari 3.2.2 for Windows Apple Safari 4 for Windows Apple Safari 4
Code	An attacker may use readily available tools to exploit this issue.
TXT

Vulnerabilities - newest 10 RSS | More

• 2009-12-17 Mozilla Firefox CVE-2009-3979 Multiple Remote Memory Corruption Vulnerabilities
• 2009-12-17 Mozilla Firefox CVE-2009-3981 Remote Memory Corruption Vulnerability
• 2009-12-17 Drupal Sections Module HTML Injection Vulnerability
• 2009-12-17 Mozilla Firefox and SeaMonkey Theora Video Library Remote Integer Overflow Vulnerability
• 2009-12-17 Mozilla Firefox and Sea Monkey Insecure Protocol Location Bar Spoofing Vulnerability
• 2009-12-17 Mozilla Firefox and Sea Monkey Content Injection Spoofing Vulnerability
• 2009-12-17 Mozilla Firefox/SeaMonkey GeckoActiveXObject Exception Message COM Object Enumeration Vulnerability
• 2009-12-16 ZABBIX Denial Of Service and SQL Injection Vulnerabilities
• 2009-12-16 IBM WebSphere Application Server JNDI Remote Information Disclosure Vulnerability
• 2009-12-16 Horde Application Framework Administration Interface Cross-Site Scripting Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Thu, 17 Dec 2009 15:41:01 +0000