Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2007-5355
HistoryDec 05, 2007 - 11:46 a.m.

CVE-2007-5355

2007-12-0511:46:00
[email protected]
web.nvd.nist.gov
22
cve-2007-5355
web proxy auto-discovery
wpad
internet explorer
dns
mitm
nvd

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.5 Medium

AI Score

Confidence

High

0.08 Low

EPSS

Percentile

94.3%

JSON

The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks.

Affected configurations

NVD
Node
microsoftwindows_2000sp4
AND
microsoftinternet_explorerMatch5.01sp4
Node
microsoftwindows_2000sp4
AND
microsoftinternet_explorerMatch6sp1
Node
microsoftwindows_2003_serverMatch64-bit
OR
microsoftwindows_2003_serverMatch64-bit_sp2
OR
microsoftwindows_2003_serverMatchitanium_sp1
OR
microsoftwindows_2003_serverMatchitanium_sp2
OR
microsoftwindows_2003_serverMatchsp1
OR
microsoftwindows_2003_serverMatchsp2
OR
microsoftwindows_xpsp2
AND
microsoftinternet_explorerMatch6
Node
microsoftwindows_2003_serverMatch64-bit
OR
microsoftwindows_2003_serverMatch64-bit_sp2
OR
microsoftwindows_2003_serverMatchitanium_sp1
OR
microsoftwindows_2003_serverMatchitanium_sp2
OR
microsoftwindows_2003_serverMatchsp1
OR
microsoftwindows_2003_serverMatchsp2
OR
microsoftwindows_vistax64
OR
microsoftwindows_xpsp2
AND
microsoftinternet_explorerMatch7

Related

nvd 1
seebug 2
prion 1
cvelist 1
nvd
nvd
CVE-2007-5355
2007-12-05 11:46:00
seebug
seebug
Microsoft Web Proxy Auto-Discovery代理欺ιͺ—ζΌζ΄ž
2007-12-10 00:00:00
Microsoft Web代理θ‡ͺεŠ¨ε‘ηŽ°εŠŸθƒ½δ»£η†ζ¬Ίιͺ—ζΌζ΄ž
2007-12-20 00:00:00
prion
prion
Design/Logic Flaw
2007-12-05 11:46:00
cvelist
cvelist
CVE-2007-5355
2007-12-05 11:00:00

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.5 Medium

AI Score

Confidence

High

0.08 Low

EPSS

Percentile

94.3%

JSON
Related for CVE-2007-5355
nvd1seebug2prion1cvelist1