Loading
Microsoft Internet Explorer before 8 displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request.
Use CWE-287, Microsoft vendor hub and Ie product page to widen CVE-2009-2069 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2009-0552, CVE-2012-1545 and CVE-2009-2057 for nearby disclosures in the same product family. Additional editorial context is available in Weekly Security Roundup: Navigating the April 2026 Threat Landscape and Critical Framework Exploits.