What is the severity of CVE-2009-2057?

CVE-2009-2057 is rated as critical due to its potential to allow remote code execution through crafted CONNECT responses.

How do I fix CVE-2009-2057?

To fix CVE-2009-2057, users should upgrade to Internet Explorer 8 or later which contains the necessary security improvements.

What versions of Internet Explorer are affected by CVE-2009-2057?

CVE-2009-2057 affects multiple versions of Internet Explorer including 3.0 up to 7.0.

Can CVE-2009-2057 lead to data breaches?

Yes, man-in-the-middle attacks exploiting CVE-2009-2057 can lead to unauthorized access to sensitive data.

Is there any workaround for CVE-2009-2057 if I cannot upgrade?

While upgrading is the best solution, limiting access to trusted network environments can help mitigate the risk of exploitation.

Vulnerability/
CVE-2009-2057

medium

5.8

CWE

287

15/6/2009

23/7/2021

CVE-2009-2057

First published: Mon Jun 15 2009(Updated: )

Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Microsoft Internet Explorer	=5.22
Internet Explorer	=5
Microsoft Internet Explorer	=6.0-sp1
Internet Explorer	=6-sp1
Internet Explorer	=5.01-sp4
Microsoft Internet Explorer	=5.0-sp4
Microsoft Internet Explorer	=6.0-sp2
Internet Explorer	=7
Microsoft Internet Explorer	=5.0-sp1
Internet Explorer	=6
Internet Explorer	=5.01
Internet Explorer	=5.01-sp3
Internet Explorer	=5.5-sp2
Internet Explorer	=3.0.1
Internet Explorer	=3.0.2
Internet Explorer	=3.0
Internet Explorer	=3.1
Internet Explorer	=3.2
Internet Explorer	=4.0
Internet Explorer	=4.0.1
Internet Explorer	=4.0.1-sp2
Internet Explorer	=4.0.1-sp1
Internet Explorer	=4.01
Internet Explorer	=4.01-sp1
Internet Explorer	=4.1
Internet Explorer	=4.5
Internet Explorer	=4.40.308
Internet Explorer	=4.40.520
Internet Explorer	=4.70.1155
Internet Explorer	=4.70.1158
Internet Explorer	=4.70.1215
Internet Explorer	=4.70.1300
Internet Explorer	=4.72.3612.1713
Internet Explorer	=4.71.544
Internet Explorer	=4.71.1008.3
Internet Explorer	=4.71.1712.6
Internet Explorer	=4.72.2106.8
Internet Explorer	=4.72.3110.8
Internet Explorer	=5.0
Internet Explorer	=5.0.1
Internet Explorer	=5.0.1-sp2
Internet Explorer	=5.0.1-sp3
Internet Explorer	=5.0.1-sp4
Internet Explorer	=5.0.1-sp1
Internet Explorer	=5.00.0518.10
Internet Explorer	=5.00.0910.1309
Internet Explorer	=5.00.2014.0216
Internet Explorer	=5.00.2314.1003
Internet Explorer	=5.00.2614.3500
Internet Explorer	=5.00.2919.800
Internet Explorer	=5.00.2919.3800
Internet Explorer	=5.00.2919.6307
Internet Explorer	=5.00.2920.0000
Internet Explorer	=5.00.3103.1000
Internet Explorer	=5.00.3105.0106
Internet Explorer	=5.00.3314.2101
Internet Explorer	=5.00.3315.1000
Internet Explorer	=5.00.3502.1000
Internet Explorer	=5.00.3700.1000
Internet Explorer	=5.50.3825.1300
Internet Explorer	=5.50.4030.2400
Internet Explorer	=5.50.4134.0600
Internet Explorer	=5.50.4308.2900
Internet Explorer	=5.50.4522.1800
Internet Explorer	=5.50.4807.2300
Internet Explorer	=5.5
Internet Explorer	=5.01-sp1
Internet Explorer	=5.01-sp2
Internet Explorer	=5.1
Internet Explorer	=5.2.3
Internet Explorer	=5.5-preview
Internet Explorer	=5.5-sp1
Internet Explorer	=6.0.2600
Internet Explorer	=6.00.2462.0000
Internet Explorer	=6.00.2479.0006
Internet Explorer	=6.0
Internet Explorer	=6.0.2800
Internet Explorer	=6.0.2800.1106
Internet Explorer	=6.0.2900
Internet Explorer	=6.00.2800.1106
Internet Explorer	=6.0.2900.2180
Internet Explorer	=7.0-beta
Internet Explorer	=7.0
Internet Explorer	=7.0.5730.11
Internet Explorer	=6.00.2900.2180
Internet Explorer	=6.00.3663.0000
Internet Explorer	=6.00.3790.0000
Internet Explorer	=6.00.3790.1830
Internet Explorer	=6.00.3790.3959
Internet Explorer	=7.0-beta1
Internet Explorer	=7.0-beta3
Internet Explorer	=7.00.5730.1100
Internet Explorer	=7.00.6000.16386
Internet Explorer	=7.00.6000.16441

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-2057?
CVE-2009-2057 is rated as critical due to its potential to allow remote code execution through crafted CONNECT responses.
How do I fix CVE-2009-2057?
To fix CVE-2009-2057, users should upgrade to Internet Explorer 8 or later which contains the necessary security improvements.
What versions of Internet Explorer are affected by CVE-2009-2057?
CVE-2009-2057 affects multiple versions of Internet Explorer including 3.0 up to 7.0.
Can CVE-2009-2057 lead to data breaches?
Yes, man-in-the-middle attacks exploiting CVE-2009-2057 can lead to unauthorized access to sensitive data.
Is there any workaround for CVE-2009-2057 if I cannot upgrade?
While upgrading is the best solution, limiting access to trusted network environments can help mitigate the risk of exploitation.

agent/type
agent/references
agent/first-publish-date
agent/last-modified-date
collector/nvd-historical
agent/software-canonical-lookup-request
agent/author
agent/weakness
agent/severity
agent/tags
agent/softwarecombine
agent/description
agent/event
collector/nvd-index
vendor/microsoft
canonical/microsoft internet explorer
version/microsoft internet explorer/5.22
canonical/internet explorer
version/internet explorer/5
version/microsoft internet explorer/6.0-sp1
version/internet explorer/6-sp1
version/internet explorer/5.01-sp4
version/microsoft internet explorer/5.0-sp4
version/microsoft internet explorer/6.0-sp2
version/internet explorer/7
version/microsoft internet explorer/5.0-sp1
version/internet explorer/6
version/internet explorer/5.01
version/internet explorer/5.01-sp3
version/internet explorer/5.5-sp2
version/internet explorer/3.0.1
version/internet explorer/3.0.2
version/internet explorer/3.0
version/internet explorer/3.1
version/internet explorer/3.2
version/internet explorer/4.0
version/internet explorer/4.0.1
version/internet explorer/4.0.1-sp2
version/internet explorer/4.0.1-sp1
version/internet explorer/4.01
version/internet explorer/4.01-sp1
version/internet explorer/4.1
version/internet explorer/4.5
version/internet explorer/4.40.308
version/internet explorer/4.40.520
version/internet explorer/4.70.1155
version/internet explorer/4.70.1158
version/internet explorer/4.70.1215
version/internet explorer/4.70.1300
version/internet explorer/4.72.3612.1713
version/internet explorer/4.71.544
version/internet explorer/4.71.1008.3
version/internet explorer/4.71.1712.6
version/internet explorer/4.72.2106.8
version/internet explorer/4.72.3110.8
version/internet explorer/5.0
version/internet explorer/5.0.1
version/internet explorer/5.0.1-sp2
version/internet explorer/5.0.1-sp3
version/internet explorer/5.0.1-sp4
version/internet explorer/5.0.1-sp1
version/internet explorer/5.00.0518.10
version/internet explorer/5.00.0910.1309
version/internet explorer/5.00.2014.0216
version/internet explorer/5.00.2314.1003
version/internet explorer/5.00.2614.3500
version/internet explorer/5.00.2919.800
version/internet explorer/5.00.2919.3800
version/internet explorer/5.00.2919.6307
version/internet explorer/5.00.2920.0000
version/internet explorer/5.00.3103.1000
version/internet explorer/5.00.3105.0106
version/internet explorer/5.00.3314.2101
version/internet explorer/5.00.3315.1000
version/internet explorer/5.00.3502.1000
version/internet explorer/5.00.3700.1000
version/internet explorer/5.50.3825.1300
version/internet explorer/5.50.4030.2400
version/internet explorer/5.50.4134.0600
version/internet explorer/5.50.4308.2900
version/internet explorer/5.50.4522.1800
version/internet explorer/5.50.4807.2300
version/internet explorer/5.5
version/internet explorer/5.01-sp1
version/internet explorer/5.01-sp2
version/internet explorer/5.1
version/internet explorer/5.2.3
version/internet explorer/5.5-preview
version/internet explorer/5.5-sp1
version/internet explorer/6.0.2600
version/internet explorer/6.00.2462.0000
version/internet explorer/6.00.2479.0006
version/internet explorer/6.0
version/internet explorer/6.0.2800
version/internet explorer/6.0.2800.1106
version/internet explorer/6.0.2900
version/internet explorer/6.00.2800.1106
version/internet explorer/6.0.2900.2180
version/internet explorer/7.0-beta
version/internet explorer/7.0
version/internet explorer/7.0.5730.11
version/internet explorer/6.00.2900.2180
version/internet explorer/6.00.3663.0000
version/internet explorer/6.00.3790.0000
version/internet explorer/6.00.3790.1830
version/internet explorer/6.00.3790.3959
version/internet explorer/7.0-beta1
version/internet explorer/7.0-beta3
version/internet explorer/7.00.5730.1100
version/internet explorer/7.00.6000.16386
version/internet explorer/7.00.6000.16441