exploitDog

CVE-2007-5277

Опубликовано: 08 окт. 2007

Источник: nvd

CVSS2: 4.3

EPSS Средний

Описание

Microsoft Internet Explorer 6 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80, a different issue than CVE-2006-4560.

Ссылки

http://crypto.stanford.edu/dns/dns-rebinding.pdf
Technical Description
Third Party Advisory
http://osvdb.org/45525
Broken Link
http://crypto.stanford.edu/dns/dns-rebinding.pdf
Technical Description
Third Party Advisory
http://osvdb.org/45525
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.11463

Средний

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-rxph-92gh-ccv4

github

почти 4 года назад

Microsoft Internet Explorer 6 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80, a different issue than CVE-2006-4560.

EPSS

Процентиль: 93%

0.11463

Средний

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other