First published: Mon Jun 15 2009(Updated: )
Opera, possibly before 9.25, uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Opera Opera Browser | <=9.22 | |
Opera Opera Browser | =7.0 | |
Opera Opera Browser | =7.23 | |
Opera Opera Browser | =7.53 | |
Opera Opera Browser | =7.54 | |
Opera Opera Browser | =7.60 | |
Opera Opera Browser | =8.0 | |
Opera Opera Browser | =8.01 | |
Opera Opera Browser | =8.02 | |
Opera Opera Browser | =8.50 | |
Opera Opera Browser | =8.51 | |
Opera Opera Browser | =8.52 | |
Opera Opera Browser | =8.53 | |
Opera Opera Browser | =8.54 | |
Opera Opera Browser | =9.0 | |
Opera Opera Browser | =9.01 | |
Opera Opera Browser | =9.02 | |
Opera Opera Browser | =9.10 | |
Opera Opera Browser | =9.12 | |
Opera Opera Browser | =9.20 | |
Opera Opera Browser | =9.21 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.