exploitDog

CVE-2011-4689

Опубликовано: 07 дек. 2011

Источник: nvd

CVSS2: 5

EPSS Средний

Описание

Microsoft Internet Explorer 6 through 9 does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.

Ссылки

http://lcamtuf.coredump.cx/cachetime/
Exploit
http://secunia.com/advisories/47129
Vendor Advisory
http://lcamtuf.coredump.cx/cachetime/
Exploit
http://secunia.com/advisories/47129
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*

cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.15984

Средний

5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-vg75-g6fc-cfrr

github

больше 3 лет назад

Microsoft Internet Explorer 6 through 9 does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.

EPSS

Процентиль: 95%

0.15984

Средний

5 Medium

CVSS2

Дефекты

CWE-264