Описание
The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2006-4685
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-061
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A221
- http://secunia.com/advisories/22333
- http://securitytracker.com/id?1017033
- http://www.kb.cert.org/vuls/id/547212
- http://www.osvdb.org/29425
- http://www.securityfocus.com/archive/1/449179/100/0/threaded
- http://www.securityfocus.com/bid/20339
- http://www.vupen.com/english/advisories/2006/3980
EPSS
Процентиль: 98%
0.55388
Средний
CVE ID
Связанные уязвимости
nvd
больше 19 лет назад
The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
EPSS
Процентиль: 98%
0.55388
Средний