Vigil@nce: HTTPS, information disclosure via a proxy
June 2009, by Vigil@nce

When an attacker can set up a proxy between the user and an HTTPS web server, he can obtain sensitive information.

Severity: 2/4

Consequences: data reading

Provenance: intranet server

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Number of vulnerabilities in this bulletin: 5

Creation date: 18/06/2009

IMPACTED PRODUCTS

- HTTPS
- Microsoft Internet Explorer
- Mozilla Firefox
- Mozilla SeaMonkey
- Mozilla Suite
- Opera

DESCRIPTION OF THE VULNERABILITY

The HTTPS protocol (HTTP over SSL) is used to encrypt data between the client and the server. A proxy relaying the connection between the client and the server cannot decrypt the content of the exchanges. However, a malicious proxy can use several alternative attack methods to obtain information from the victim's web browser.

When the browser asks the proxy to open a tunnel to the HTTPS site (an HTTP CONNECT request) and the proxy answers with a 4xx or 5xx error page instead, the JavaScript code contained in that error page is interpreted in the context of the requested HTTPS website. This JavaScript code can thus read the content of the HTTPS web site displayed in the victim's web browser. This vulnerability is corrected in IE 8, Firefox 3.0.10 and Opera 9.25. [grav:2/4; CVE-2009-2057, CVE-2009-2059]

The proxy can answer the request for a script referenced by an HTTPS page with a redirect to a malicious site. The browser follows the redirect, and the attacker's JavaScript code is then included in the HTTPS page and interpreted in its context. This vulnerability is corrected in Firefox 3.0.10 and Opera 9.25 (IE is not vulnerable). [grav:2/4; BID-35412, CVE-2009-2061, CVE-2009-2063]

When a web site serves the same page over both HTTP and HTTPS, the proxy can force the victim's browser to load that page inside an SSL session. Because the page was written for HTTP, the proxy can still tamper with what it references, and JavaScript code injected this way then runs with access to the site's HTTPS data. This vulnerability is not corrected yet. [grav:2/4; CVE-2009-2064, CVE-2009-2065, CVE-2009-2067]
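The following check is an added example written for this bulletin, not code from Vigil@nce or from any of the browser vendors named above. It assumes the mechanism behind the "HTTP or HTTPS" page is that a page written for HTTP references scripts and frames by plain http:// URLs, which the proxy can rewrite even when the page itself arrives over HTTPS (the bulletin does not spell this out). The sample page, the hosts shop.example, cdn.example, ads.example, img.example and promo.example, and the `ACTIVE_REFS` list are all constructed for the example.

```python
"""Find plain-HTTP active content in a page served over HTTPS (added example).

Loaded over HTTPS, http:// script and frame references are still fetched in
clear through the proxy, which can rewrite them; the script then runs in the
https:// origin. The check scans HTML for such references and shows a
scheme-only rewrite of the offending URLs. Sample page and hosts are
constructed, not taken from the bulletin.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Elements whose referenced resource executes in the embedding page's origin
# or can script it (passive content such as <img> is deliberately excluded).
ACTIVE_REFS = {"script": "src", "iframe": "src", "frame": "src",
               "object": "data", "embed": "src"}

PAGE_URL = "https://shop.example/catalog"   # assumed page loadable over both schemes
SAMPLE_HTML = """<html><head>
<script src="/js/app.js"></script>
<script src="//cdn.example/lib.js"></script>
<script src="http://ads.example/ad.js"></script>
</head><body>
<img src="http://img.example/banner.png">
<iframe src="http://promo.example/box.html"></iframe>
<a href="http://shop.example/help">help</a>
</body></html>"""


class MixedContentFinder(HTMLParser):
    """Collects (tag, absolute URL) for active content fetched over http://."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = ACTIVE_REFS.get(tag)
        if attr is None:
            return
        value = dict(attrs).get(attr)
        if not value:
            return
        url = urljoin(self.page_url, value)   # "/x" and "//host/x" inherit https
        if urlsplit(url).scheme == "http":
            self.findings.append((tag, url))


def find_mixed_active_content(page_url, html):
    """Return [(tag, absolute http URL)] for active content an https:// page
    embeds in clear; a page not served over https has nothing to report."""
    if urlsplit(page_url).scheme != "https":
        return []
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


def rewrite_to_https(html, findings):
    """Minimal fix for the offending references: same host, https scheme.
    Flagged URLs are always absolute http:// URLs, so they appear verbatim."""
    for _, url in findings:
        html = html.replace(url, "https://" + url[len("http://"):])
    return html


if __name__ == "__main__":
    found = find_mixed_active_content(PAGE_URL, SAMPLE_HTML)
    for tag, url in found:
        print(f"{tag:<7} fetched in clear: {url}")
    print("after rewrite:", find_mixed_active_content(PAGE_URL, rewrite_to_https(SAMPLE_HTML, found)))
```

Run it against the HTML of each page the site is willing to serve over HTTPS; a page that reports nothing can be loaded into an SSL session without handing the proxy a script in that origin, while a page that reports something should either stop being HTTPS-loadable or have its references made scheme-relative or https://.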

A malicious SSL proxy can first let a legitimate SSL session through, so that the browser keeps the server's SSL certificate in its cache, and then answer a later request with a malicious 4xx or 5xx error page. This error page is displayed with the attributes of a secured page (padlock, green/blue address bar). This vulnerability is corrected in IE 8 and Firefox 3.0.10 (Opera is not vulnerable). [grav:2/4; BID-35411, CVE-2009-2069, CVE-2009-2070]
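The three browser-side weaknesses above (error page rendered in the site's origin, redirect followed, error page shown with the site's security indicators) all come from treating a non-2xx reply to HTTP CONNECT as if it came from the HTTPS site. The following is an added example, not code from the bulletin or from any browser vendor: it models the decision a browser must make on the proxy's CONNECT reply, with the pre-fix behaviour beside the hardened one. The sample replies, the hosts bank.example and attacker.example, and the `classify_reply`/`open_tunnel` names are constructed for the example.

```python
"""Hardened handling of a proxy's reply to HTTP CONNECT (added example).

The browser sends "CONNECT host:443" to the proxy and may treat the
connection as a tunnel to the HTTPS site only when the proxy answers 2xx.
Anything else is a proxy error: no body to render, no redirect to follow,
no site security indicators. Sample replies below are constructed.
"""
import re

TARGET = "bank.example"  # assumed host named in the CONNECT request

# Constructed proxy replies to "CONNECT bank.example:443 HTTP/1.1".
TUNNEL_OK = b"HTTP/1.1 200 Connection established\r\n\r\n"
ERROR_PAGE = (
    b"HTTP/1.1 502 Bad Gateway\r\n"
    b"Content-Type: text/html\r\n"
    b"Connection: close\r\n\r\n"
    b"<html><body>Proxy error"
    b"<script>/* pre-fix browsers ran this as https://bank.example */</script>"
    b"</body></html>"
)
REDIRECT = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: http://attacker.example/evil.js\r\n\r\n"
)

STATUS_LINE = re.compile(rb"^HTTP/1\.[01] (\d{3})")


class ConnectError(Exception):
    """Raised when the proxy did not establish the tunnel."""


def parse_reply(raw: bytes):
    """Split a raw proxy reply into (status code, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    match = STATUS_LINE.match(lines[0])
    if match is None:
        raise ConnectError("malformed status line from proxy")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return int(match.group(1)), headers, body


def legacy_behaviour(raw: bytes) -> str:
    """What the bulletin describes pre-fix browsers doing with the reply."""
    status, headers, body = parse_reply(raw)
    if status < 300:
        return "tunnel"
    if status < 400:
        return f"follow redirect to {headers.get('location', '?')} as part of https://{TARGET}"
    return f"render {len(body)}-byte proxy body in the https://{TARGET} origin"


def classify_reply(raw: bytes) -> str:
    """Hardened decision: only a 2xx opens a tunnel; a 3xx is not followed and
    a 4xx/5xx body is discarded rather than rendered."""
    status, _, _ = parse_reply(raw)
    if 200 <= status < 300:
        return "tunnel"
    if 300 <= status < 400:
        return "redirect-refused"
    return "error-discarded"


def open_tunnel(raw: bytes) -> str:
    """Return "tunnel" or raise ConnectError. The error reports the proxy's
    status and the body size only; the body never reaches the renderer and
    the error is attributed to the proxy, not to the HTTPS site."""
    verdict = classify_reply(raw)
    if verdict == "tunnel":
        return verdict
    status, headers, body = parse_reply(raw)
    raise ConnectError(
        f"proxy answered CONNECT {TARGET}:443 with {status} "
        f"({verdict}, {len(body)} body bytes discarded, "
        f"location={headers.get('location', '-')})"
    )


if __name__ == "__main__":
    for label, raw in (("200", TUNNEL_OK), ("502", ERROR_PAGE), ("302", REDIRECT)):
        print(label, "legacy  :", legacy_behaviour(raw))
        try:
            print(label, "hardened:", open_tunnel(raw))
        except ConnectError as exc:
            print(label, "hardened:", exc)
```

The same rule covers the cached-certificate variant: a reply from the proxy is never the site's content, so nothing the browser remembers about the site (its certificate or its security state) may be attached to it.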

When an HTTPS web site sets cookies without the "Secure" flag, the proxy can provoke an HTTP session with the same site and obtain the cookie in clear. This vulnerability will not be corrected in web browsers: it has to be corrected by web site developers. [grav:2/4]
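As an added example for the cookie case (not code from Vigil@nce or from any site or browser mentioned here), the script below parses Set-Cookie headers, names the cookies that lack Secure, models the browser rule that leaks them (a non-Secure cookie is attached to plain http:// requests to the same host), and applies the web-site-side fix. The headers, the cookie names and the host shop.example are constructed.

```python
"""Audit Set-Cookie headers for the Secure flag and show what leaks (added example).

A cookie set by an https:// page without the Secure attribute is sent by the
browser with any plain http:// request to the same host, which is what a
proxy controlling the HTTP side can provoke. Headers below are constructed.
"""

# Constructed Set-Cookie headers as an HTTPS response from shop.example might send them.
VULNERABLE_HEADERS = [
    "SESSIONID=9f2c1c7d; Path=/; HttpOnly",
    "prefs=lang=en; Path=/",
]

CANONICAL = {"secure": "Secure", "httponly": "HttpOnly", "path": "Path",
             "domain": "Domain", "expires": "Expires", "max-age": "Max-Age",
             "samesite": "SameSite"}


def parse_set_cookie(header):
    """Return (name, value, attrs); attrs keys are lowercase, flags map to True."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return name.strip(), value.strip(), attrs


def format_set_cookie(name, value, attrs):
    """Serialise a cookie back into a Set-Cookie header value."""
    out = [f"{name}={value}"]
    for key, val in attrs.items():
        label = CANONICAL.get(key, key)
        out.append(label if val is True else f"{label}={val}")
    return "; ".join(out)


def insecure_cookies(headers):
    """Names of cookies the browser would send in clear over http://."""
    return [parse_set_cookie(h)[0] for h in headers
            if "secure" not in parse_set_cookie(h)[2]]


def cookies_sent(headers, scheme, request_path="/"):
    """The browser rule that matters here: Secure cookies travel only over
    https; everything else also goes with plain http requests to the host."""
    sent = []
    for h in headers:
        name, value, attrs = parse_set_cookie(h)
        if not request_path.startswith(attrs.get("path", "/")):
            continue
        if attrs.get("secure") and scheme != "https":
            continue
        sent.append(f"{name}={value}")
    return sent


def harden(header):
    """The web-site-side fix the bulletin asks for: add the Secure flag."""
    name, value, attrs = parse_set_cookie(header)
    attrs.setdefault("secure", True)
    return format_set_cookie(name, value, attrs)


if __name__ == "__main__":
    print("missing Secure :", insecure_cookies(VULNERABLE_HEADERS))
    print("sent over http :", cookies_sent(VULNERABLE_HEADERS, "http"))
    fixed = [harden(h) for h in VULNERABLE_HEADERS]
    print("hardened       :", fixed)
    print("sent over http :", cookies_sent(fixed, "http"))
```

Feed `insecure_cookies` the Set-Cookie headers captured from the site's HTTPS responses; every name it returns is a cookie the proxy can collect by steering the browser to an http:// URL on that host.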

When an attacker owns or can set up a proxy between the user and an HTTPS web server, he can therefore obtain sensitive information.

CHARACTERISTICS

Identifiers: BID-35411, BID-35412, CVE-2009-2057, CVE-2009-2059, CVE-2009-2061, CVE-2009-2063, CVE-2009-2064, CVE-2009-2065, CVE-2009-2067, CVE-2009-2069, CVE-2009-2070, VIGILANCE-VUL-8806

http://vigilance.fr/vulnerability/HTTPS-information-disclosure-via-a-proxy-8806
copyright® 2007 S.I.M. Publicité