Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2005-4827

Опубликовано: 31 дек. 2005
Источник: nvd
CVSS2: 7.5
EPSS Средний

Описание

Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:ie:6:*:microsoft_windows_server_2003_sp1:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6:*:windows_2000:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6:*:windows_server_2003:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6:sp1:windows_98:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6:sp1:windows_98_se:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6:sp1:windows_millennium:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium_systems:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6.0:*:windows_server:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6.0:*:windowsxp:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6.0:sp1:windows_2000:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6.0:sp1:windows_xp:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6.0:sp2:windows_xp:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6.0:windows_xp_sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*
cpe:2.3:h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*

EPSS

Процентиль: 95%
0.19029
Средний

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

github логотип

GHSA-c25g-j43f-w7p8

github
почти 4 года назад

Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks.

EPSS

Процентиль: 95%
0.19029
Средний

7.5 High

CVSS2

Дефекты

NVD-CWE-Other