What is the severity of CVE-2009-2064?

CVE-2009-2064 is rated as critical due to its potential to allow man-in-the-middle attacks.

How do I fix CVE-2009-2064?

To mitigate CVE-2009-2064, users should upgrade to the latest version of Internet Explorer or apply any available security updates.

Which versions of Internet Explorer are affected by CVE-2009-2064?

CVE-2009-2064 affects multiple versions of Internet Explorer, including 5, 6, 7, and 8.

Can CVE-2009-2064 affect secure content?

Yes, CVE-2009-2064 can allow insecure HTTP content to compromise the security of HTTPS sites.

What type of attack does CVE-2009-2064 facilitate?

CVE-2009-2064 facilitates man-in-the-middle attacks that enable arbitrary script execution within the context of an HTTPS site.

Vulnerability/
CVE-2009-2064

medium

6.8

CWE

287

15/6/2009

30/10/2018

CVE-2009-2064

First published: Mon Jun 15 2009(Updated: )

Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Internet Explorer	=7.0.5730
Internet Explorer	=8.0b
Internet Explorer	=8
Internet Explorer	=5
Internet Explorer	=6-sp1
Internet Explorer	=6-sp2
Microsoft Pocket Internet Explorer	=3.0
Internet Explorer	=5.01-sp4
Internet Explorer	=7
Internet Explorer	=8-beta1
Internet Explorer	=6
Internet Explorer	<=8
Microsoft Pocket Internet Explorer	=2.0
Microsoft Pocket Internet Explorer	=4.0
Microsoft Pocket Internet Explorer	=2002
Microsoft Pocket Internet Explorer	=2003
Microsoft Pocket Internet Explorer	=1.1
Microsoft Pocket Internet Explorer	=1.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-2064?
CVE-2009-2064 is rated as critical due to its potential to allow man-in-the-middle attacks.
How do I fix CVE-2009-2064?
To mitigate CVE-2009-2064, users should upgrade to the latest version of Internet Explorer or apply any available security updates.
Which versions of Internet Explorer are affected by CVE-2009-2064?
CVE-2009-2064 affects multiple versions of Internet Explorer, including 5, 6, 7, and 8.
Can CVE-2009-2064 affect secure content?
Yes, CVE-2009-2064 can allow insecure HTTP content to compromise the security of HTTPS sites.
What type of attack does CVE-2009-2064 facilitate?
CVE-2009-2064 facilitates man-in-the-middle attacks that enable arbitrary script execution within the context of an HTTPS site.

agent/references
agent/type
agent/last-modified-date
agent/first-publish-date
agent/author
agent/weakness
agent/severity
agent/tags
agent/softwarecombine
agent/description
agent/event
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/microsoft
canonical/internet explorer
version/internet explorer/7.0.5730
version/internet explorer/8.0b
version/internet explorer/8
version/internet explorer/5
version/internet explorer/6-sp1
version/internet explorer/6-sp2
canonical/microsoft pocket internet explorer
version/microsoft pocket internet explorer/3.0
version/internet explorer/5.01-sp4
version/internet explorer/7
version/internet explorer/8-beta1
version/internet explorer/6
version/microsoft pocket internet explorer/2.0
version/microsoft pocket internet explorer/4.0
version/microsoft pocket internet explorer/2002
version/microsoft pocket internet explorer/2003
version/microsoft pocket internet explorer/1.1
version/microsoft pocket internet explorer/1.0