CVE-2009-2069

CVE Database · CVE-2009-2069

CVE-2009-2069

· N/AModified

CVSS v3.1

N/A

EPSS

2.20%

Published

Jun 15, 2009

Modified

Apr 22, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.

Weaknesses (CWE)

CWE-287

Affected Products (94)

microsoft · ievulnerable

microsoft · internet_explorervulnerable

References (6)

http://research.microsoft.com/apps/pubs/default.aspx?id=79323

http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf

http://www.securityfocus.com/bid/35411

http://research.microsoft.com/apps/pubs/default.aspx?id=79323

http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf

http://www.securityfocus.com/bid/35411

KEV Catalog EPSS Scores Vendors All CVEs

microsoft · internet_explorer

microsoft · internet_explorervulnerable