Lucene search

[email protected]CVE-2005-4827

HistoryFeb 07, 2007 - 8:00 p.m.

CVE-2005-4827

2007-02-0720:00:00

[email protected]

web.nvd.nist.gov

cve-2005-4827

internet explorer

xmlhttprequest

security policy

same origin policy

http request smuggling

referer spoofing

microsoft.xmlhttp

proxy servers

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.225 Low

EPSS

Percentile

96.5%

JSON

Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks.

Affected configurations

NVD

Node

microsoftieMatch6microsoft_windows_server_2003_sp1

microsoftieMatch6windows_2000

microsoftieMatch6windows_server_2003

microsoftieMatch6windows_xp_professional_64bit

microsoftieMatch6sp1windows_98

microsoftieMatch6sp1windows_98_se

microsoftieMatch6sp1windows_millennium

microsoftieMatch6sp1windows_xpsp1

microsoftieMatch6windows_2000_sp4

microsoftieMatch6windows_server_2003_sp1

microsoftieMatch6windows_server_2003_sp1_itanium

microsoftieMatch6windows_server_2003_sp1_itanium_systems

microsoftieMatch6windows_xp_sp2

microsoftieMatch6.0windows_server

microsoftieMatch6.0windows_server_2003

microsoftieMatch6.0windowsxp

microsoftieMatch6.0sp1

microsoftieMatch6.0sp1windows_2000

microsoftieMatch6.0sp1windows_xp

microsoftieMatch6.0sp2

microsoftieMatch6.0sp2windows_xp

microsoftieMatch6.0windows_xp_sp2

microsoftinternet_explorerMatch6sp1

microsoftinternet_explorerMatch6.0

microsoftinternet_explorerMatch6.0.2600

microsoftinternet_explorerMatch6.0.2800

microsoftinternet_explorerMatch6.0.2800.1106

microsoftinternet_explorerMatch6.0.2900.2180

canonnetwork_camera_server_vb101

CPENameOperatorVersion
microsoft:iemicrosoft ieeq6
microsoft:iemicrosoft ieeq6.0
microsoft:internet_explorermicrosoft internet explorereq6
microsoft:internet_explorermicrosoft internet explorereq6.0
microsoft:internet_explorermicrosoft internet explorereq6.0.2600
microsoft:internet_explorermicrosoft internet explorereq6.0.2800
microsoft:internet_explorermicrosoft internet explorereq6.0.2800.1106
microsoft:internet_explorermicrosoft internet explorereq6.0.2900.2180
canon:network_camera_server_vb101canon network camera server vb101eq*

CPE	Name	Operator	Version
microsoft:ie	microsoft ie	eq	6
microsoft:ie	microsoft ie	eq	6.0
microsoft:internet_explorer	microsoft internet explorer	eq	6
microsoft:internet_explorer	microsoft internet explorer	eq	6.0
microsoft:internet_explorer	microsoft internet explorer	eq	6.0.2600
microsoft:internet_explorer	microsoft internet explorer	eq	6.0.2800
microsoft:internet_explorer	microsoft internet explorer	eq	6.0.2800.1106
microsoft:internet_explorer	microsoft internet explorer	eq	6.0.2900.2180
canon:network_camera_server_vb101	canon network camera server vb101	eq	*

References

seclists.org/fulldisclosure/2007/Feb/0081.html

www.securityfocus.com/archive/1/411585

www.securityfocus.com/archive/1/459172/100/0/threaded

www.securityfocus.com/bid/14969

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.225 Low

EPSS

Percentile

96.5%

JSON

Related for CVE-2005-4827

nvd1 cvelist1