Loading
Microsoft Internet Explorer before 8 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
Use CWE-287, Microsoft vendor hub and Ie product page to widen CVE-2009-2057 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2009-0552, CVE-2012-1545 and CVE-2009-2069 for nearby disclosures in the same product family. Additional editorial context is available in Weekly Security Roundup: Navigating the April 2026 Threat Landscape and Critical Framework Exploits.