Auth bypass in Microsoft IE
CVE-2009-2057
Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web…
Vulnerability class: Broken Authentication
EPSS: 0.030 (85.8th percentile)
Affected products
- Microsoft IE — versions 5.0, 5.22, 6.0
- Microsoft Internet Explorer — versions 3.0, 3.0.1, 3.0.2
Weakness classification (CWE)