FKIE_CVE-2009-2068
Vulnerability from fkie_nvd - Published: 2009-06-15 19:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:opera:opera:5..10:*:*:*:*:*:*:*",
"matchCriteriaId": "40073FD8-6E5A-4770-837A-CAF0C8FD2A2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F071C3F7-A3C4-475D-8843-B52F2DB7C56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:5.0:beta_2:*:*:*:*:*:*",
"matchCriteriaId": "1CBC39B3-4106-4B28-8AFB-4F4B5B5119D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:5.0:beta_3:*:*:*:*:*:*",
"matchCriteriaId": "763CEF7F-AAB2-4C16-BDC2-E5F864111592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:5.0:beta_4:*:*:*:*:*:*",
"matchCriteriaId": "B66F0EC7-452C-4847-B028-5086FE657440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:5.0:beta_5:*:*:*:*:*:*",
"matchCriteriaId": "5F966486-485B-4B0D-9BE1-F1D39CB08863",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:5.0:beta_6:*:*:*:*:*:*",
"matchCriteriaId": "A32E4272-6CEF-4C1C-BDA2-96863E8301DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:5.0:beta_7:*:*:*:*:*:*",
"matchCriteriaId": "47B21D05-A906-44B5-AEDA-73D383B905E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:5.0:beta_8:*:*:*:*:*:*",
"matchCriteriaId": "E0BA115B-C42E-4794-90BC-778B0C85CE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00ED2069-849A-4E62-88B3-323A8682F573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:5.02:*:*:*:*:*:*:*",
"matchCriteriaId": "7C0F2643-923D-4072-B5A4-6321066C3AAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C5830888-AE31-4C80-A923-EA83B4464859",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D45E22AA-46A6-42F3-9E5B-95958163EF6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "655604B2-773D-4F94-951B-6E17E123EFA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5E856FB7-7315-4ABF-A835-0BEF9BA10DC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DE22CFC5-1607-4FF1-8681-24AE2C167C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CCF854C3-7C1A-4B0D-B27D-10B52B9C41E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9C27A748-0792-499F-A3A1-3C9528A5AD0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E606F772-09E2-40F1-84C1-1A5B2BBD2FFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4500A623-BD2C-461A-B862-2C51BD25BE71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "E5E77793-94BC-47D8-B2D1-D3B020DEF93C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "C0EC8D15-02D5-4988-85FD-50B1ABCC7B4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:6:beta_1:*:*:*:*:*:*",
"matchCriteriaId": "BC32B83A-4E91-4D1D-8051-35F339E61A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BF315DF-C0C9-468C-8C7E-C4547AF431FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:6.0:beta_1:*:*:*:*:*:*",
"matchCriteriaId": "63114EE0-54F7-4418-9B9E-C37BB2869F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:6.0:beta_2:*:*:*:*:*:*",
"matchCriteriaId": "CF5C9CB9-6396-415D-AC64-312F47A76177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:6.0:beta_3:*:*:*:*:*:*",
"matchCriteriaId": "C8F3056A-14B5-411F-8FE8-80AF5605001D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF6B223-8575-40C7-9EDA-BDDCF6ABDBAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:6.01:*:*:*:*:*:*:*",
"matchCriteriaId": "B5159296-AD9C-4199-B5DF-539EE61D45A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:6.02:*:*:*:*:*:*:*",
"matchCriteriaId": "BE952E7C-EBDC-4652-95C3-C308BBEF1FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:6.03:*:*:*:*:*:*:*",
"matchCriteriaId": "EE616514-882C-4ED2-BB0C-1248B8316ED2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:6.04:*:*:*:*:*:*:*",
"matchCriteriaId": "00A6FD59-C258-4A49-81C9-F6E58FB30117",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:6.05:*:*:*:*:*:*:*",
"matchCriteriaId": "DADA8A93-4DF4-4C95-860E-65CA46B12DD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:6.06:*:*:*:*:*:*:*",
"matchCriteriaId": "F9EF0387-AEFC-40BC-A7C8-28F175844CC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1B176A-1200-4E75-BFC0-AA5F87E2AA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "911B0336-02CE-426C-ABFF-8CFD3BC146CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:7:beta_1:*:*:*:*:*:*",
"matchCriteriaId": "26FC4ABB-EDA9-426D-ADC9-E7DABEB8A64E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5435A52-0F9D-41AC-9FF9-93A512D0103C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:7.0:beta_1:*:*:*:*:*:*",
"matchCriteriaId": "790C5B0D-9A06-4C0C-BBBF-9B4C17857213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:7.0:beta_1v2:*:*:*:*:*:*",
"matchCriteriaId": "620666CE-AABB-4A36-9566-425F2C810F55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:7.0:beta_2:*:*:*:*:*:*",
"matchCriteriaId": "BD72F9AF-EFD5-408B-9FC3-6341F92B39B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:7.01:*:*:*:*:*:*:*",
"matchCriteriaId": "2590789F-F333-4AD0-82B4-D6D9B9E0F5AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:7.02:*:*:*:*:*:*:*",
"matchCriteriaId": "355242B3-33ED-4B65-8373-3CDC6C556B4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:7.03:*:*:*:*:*:*:*",
"matchCriteriaId": "A685E97D-3B0F-4C69-8124-F3AB26905124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E4FDEC39-7B53-4AD9-9EDF-D95860264345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CE7F056E-BB13-4453-8065-C18E6171AC0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:7.20:*:*:*:*:*:*:*",
"matchCriteriaId": "0221A7DE-9F8F-46A4-B609-1F10D2606370",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:7.20:beta7:*:*:*:*:*:*",
"matchCriteriaId": "A3089B27-E279-46B8-91C3-2040DBEBC281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:7.21:*:*:*:*:*:*:*",
"matchCriteriaId": "7433778F-DE4F-48A7-8AF7-8DBD17DC4C5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:7.22:*:*:*:*:*:*:*",
"matchCriteriaId": "02178B82-3805-4B7C-B341-4F4E280B4DFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:7.23:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8888D-6CC5-4ED8-9907-0B9709F2980A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:7.30:*:*:*:*:*:*:*",
"matchCriteriaId": "431AE65C-5A7A-48D3-8A73-EC20CC86CB5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:7.50:*:*:*:*:*:*:*",
"matchCriteriaId": "8A860F7C-F2FF-40A9-88DA-35766836A8F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:7.50:beta_1:*:*:*:*:*:*",
"matchCriteriaId": "47871B2C-F6DA-4C92-BA15-90BA8FE3F979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:7.51:*:*:*:*:*:*:*",
"matchCriteriaId": "D7E2EA7B-19D5-4A6A-88BE-BEEEAA792536",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:7.52:*:*:*:*:*:*:*",
"matchCriteriaId": "8E50D780-F507-49BC-8C34-477C6A7C3741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:7.54:*:*:*:*:*:*:*",
"matchCriteriaId": "3BA7025B-BBB5-43BC-AB6E-E41E56430AB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:7.54:update_1:*:*:*:*:*:*",
"matchCriteriaId": "5E33873C-DFD6-4450-8A9A-31CF2437E5FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:7.55:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC4A969-1099-4F99-AA39-0BDB7654044C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00336594-FE61-4815-B52F-90BE545E9428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:8.0:beta_1:*:*:*:*:*:*",
"matchCriteriaId": "262ADE2E-4E91-4BA3-AAAD-A1B3A18EAAD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:8.0:beta_2:*:*:*:*:*:*",
"matchCriteriaId": "587EBDA2-C0F1-469B-A9A9-68634CF058A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:8.01:*:*:*:*:*:*:*",
"matchCriteriaId": "9CCE749D-8553-4365-A8C5-A6C9037FEAFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:8.02:*:*:*:*:*:*:*",
"matchCriteriaId": "38F2F078-9620-4ED1-BA42-44C167DEF2A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:8.51:*:*:*:*:*:*:*",
"matchCriteriaId": "A006AB3D-3228-4980-A45C-F331E8236867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:8.52:*:*:*:*:*:*:*",
"matchCriteriaId": "625DF977-9C3A-4904-BF77-DE1CE7C9AA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:8.53:*:*:*:*:*:*:*",
"matchCriteriaId": "A5C0B1FD-140F-43BF-963F-55C6929DE68B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:8.54:*:*:*:*:*:*:*",
"matchCriteriaId": "244D2B12-5C3A-4007-B93C-0194417C00A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:9.0:beta_1:*:*:*:*:*:*",
"matchCriteriaId": "C1C64664-5B10-48E4-A457-56DBC8EB30D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:9.01:*:*:*:*:*:*:*",
"matchCriteriaId": "85AD3AC7-F403-4A80-B56B-D32DF61A708A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:9.02:*:*:*:*:*:*:*",
"matchCriteriaId": "DADC950D-2542-43B3-BC71-FFE3AD76E29B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:9.10:*:*:*:*:*:*:*",
"matchCriteriaId": "62EFDBC5-7ADB-4F66-8F0A-B234FC9C9B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:9.20:*:*:*:*:*:*:*",
"matchCriteriaId": "B57ECE1A-72DE-4E9C-B762-2935A964277F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:9.21:*:*:*:*:*:*:*",
"matchCriteriaId": "B8C204EE-8435-4CCA-B08C-60E702441AF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:opera:opera:9.23:*:*:*:*:*:*:*",
"matchCriteriaId": "B766176F-E80A-433A-AC30-1A1265FCDE53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Google Chrome detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site\u0027s context, by modifying an http page to include an https iframe that references a script file on an http site, related to \"HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.\""
},
{
"lang": "es",
"value": "Google Chrome detecta contenido http en p\u00e1ginas https \u00fanicamente cuando el marco (frame) de nivel superior usa https, lo que permite a atacantes \"hombre-en-medio\" (man-in-the-middle o MITM) ejecutar secuencias de comandos web de su elecci\u00f3n, en un contexto de sitio https, modificando una p\u00e1gina http para incluir un iframe https que referencia al archivo en un sitio http con la secuencia de comandos. Relacionado con \"P\u00e1ginas HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.\""
}
],
"id": "CVE-2009-2068",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-06-15T19:30:05.670",
"references": [
{
"source": "cve@mitre.org",
"url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
},
{
"source": "cve@mitre.org",
"url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51192"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…