PT-2009-4524 · Google · Google Chrome

Adam Barth

Publicado

2009-06-15

Atualizado

2009-06-23

CVE-2009-2071

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 1.0.154.53

Description The issue allows man-in-the-middle attackers to spoof an arbitrary https site. This is done by letting a browser obtain a valid certificate from the site during one request and then sending the browser a crafted 502 response page upon a subsequent request. The problem occurs when Google Chrome displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server.

Recommendations For Google Chrome versions prior to 1.0.154.53, update to version 1.0.154.53 or later to resolve the issue.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2009-2071

Produtos afetados

Google Chrome

PT-2009-4524 · Google · Google Chrome

CVE-2009-2071

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10