Описание
The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a "Max-Forwards: 0" header or (2) arbitrary local passwords on the web server that hosts this object.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | not-affected | 2:1.7.12-1.1ubuntu2 |
| devel | DNE | |
| edgy | not-affected | 2:1.7.13-0.2ubuntu1 |
| feisty | DNE | |
| gutsy | DNE | |
| upstream | released | 1.7.12 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 1.1.9+nobinonly-0ubuntu1 |
| edgy | DNE | |
| feisty | DNE | |
| gutsy | DNE | |
| upstream | released | 1.7.12 |
Показывать по
Ссылки на источники
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a "Max-Forwards: 0" header or (2) arbitrary local passwords on the web server that hosts this object.
The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE met ...
The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a "Max-Forwards: 0" header or (2) arbitrary local passwords on the web server that hosts this object.
EPSS
4.3 Medium
CVSS2