CVE-2009-2057

CVE Database · CVE-2009-2057

CVE-2009-2057

· N/AModified

CVSS v3.1

N/A

EPSS

3.03%

Published

Jun 15, 2009

Modified

Apr 22, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

Weaknesses (CWE)

CWE-287

Affected Products (94)

microsoft · ievulnerable

microsoft · internet_explorervulnerable

References (4)

http://research.microsoft.com/apps/pubs/default.aspx?id=79323

http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf

Exploit

http://research.microsoft.com/apps/pubs/default.aspx?id=79323

http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf

Exploit

KEV Catalog EPSS Scores Vendors All CVEs

microsoft · internet_explorer

microsoft · internet_explorervulnerable