Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2017-8504

Опубликовано: 13 июн. 2017
Источник: msrc
CVSS3: 4.3
EPSS Средний

Описание

Microsoft Edge Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Microsoft Edge Fetch API incorrectly handles a filtered response type. An attacker could use the vulnerability to read the URL of a cross-origin request. Websites that that do not securely populate the URL with confidential information could allow information to be disclosed to an attacker.

To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website in an attempt to exploit the vulnerability. In addition, the user must be logged on to a website that does not securely populate URLs with confidential information. However, in all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince the user to take action. For example, an attacker could trick a user into clicking a link that takes them to the attacker's site.

The update addresses the vulnerability by changing how the Fetch API in Microsoft Edge handles specific filtered response types.

Обновления

ПродуктСтатьяОбновление
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for 32-bit Systems
4022715
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1607 for x64-based Systems
4022715
Security Update
Microsoft Edge (EdgeHTML-based) on Windows Server 2016
4022715
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for 32-bit Systems
4022725
Security Update
Microsoft Edge (EdgeHTML-based) on Windows 10 Version 1703 for x64-based Systems
4022725
Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Unlikely

Older Software Release

N/A

EPSS

Процентиль: 93%
0.11174
Средний

4.3 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2017-8504

CVSS3: 4.3
nvd
около 8 лет назад

Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read the URL of a cross-origin request when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8498.

github логотип

GHSA-hg64-q6m3-wv9w

CVSS3: 4.3
github
около 3 лет назад

Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read the URL of a cross-origin request when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8498.

EPSS

Процентиль: 93%
0.11174
Средний

4.3 Medium

CVSS3