Описание
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."
Ссылки
- Third Party AdvisoryUS Government Resource
- Vendor Advisory
- US Government Resource
- ExploitVendor Advisory
- Third Party AdvisoryUS Government Resource
- Vendor Advisory
- US Government Resource
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.64165
Средний
4.3 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
почти 4 года назад
Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."
EPSS
Процентиль: 98%
0.64165
Средний
4.3 Medium
CVSS2
Дефекты
CWE-20