Auth bypass in Microsoft Ie

CVE-2009-2069

Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser ob…

Vulnerability class: Broken Authentication

EPSS: 0.022 (80.2th percentile) — read the EPSS interpretation.

Affected products

Microsoft Ie — versions 5.0, 5.22, 6.0
Microsoft Internet_explorer — versions 3.0, 3.0.1, 3.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

cve@mitre.org (x_refsource_MISC)
cve@mitre.org (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_MISC)