Описание
The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
Ссылки
- US Government Resource
- US Government Resource
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:xml_core_services:6.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:xml_parser:2.6:*:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.55388
Средний
2.6 Low
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
EPSS
Процентиль: 98%
0.55388
Средний
2.6 Low
CVSS2
Дефекты
NVD-CWE-Other