CVE-2009-2070

Name of the Vulnerable Software and Affected Versions Opera (affected versions not specified)

Description The issue allows man-in-the-middle attackers to spoof an arbitrary https site. This is done by letting a browser obtain a valid certificate from the site during one request and then sending the browser a crafted 502 response page upon a subsequent request. The attackers can exploit this by displaying a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.