Lucene search

[email protected]CVE-2013-1450

HistoryOct 03, 2022 - 4:14 p.m.

CVE-2013-1450

2022-10-0316:14:46

CWE-16

[email protected]

web.nvd.nist.gov

microsoft

internet explorer

proxy

tcp sessions

vulnerability

cve-2013-1450

nvd

msrc 12096gd

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

5.8 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.6%

JSON

Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not properly reuse TCP sessions to the proxy server, which allows remote attackers to obtain sensitive information intended for a specific host via a crafted HTML document that triggers many HTTPS requests and then triggers an HTTP request to that host, as demonstrated by reading a Cookie header, aka MSRC 12096gd.

Affected configurations

NVD

Node

microsoftinternet_explorerMatch8

microsoftinternet_explorerMatch9

CPENameOperatorVersion
microsoft:internet_explorermicrosoft internet explorereq8
microsoft:internet_explorermicrosoft internet explorereq9

CPE	Name	Operator	Version
microsoft:internet_explorer	microsoft internet explorer	eq	8
microsoft:internet_explorer	microsoft internet explorer	eq	9

References

pastebin.com/raw.php?i=rz9BcBey

www.youtube.com/ChristianHaiderPoC

www.youtube.com/watch?v=TPqagWAvo8U

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

5.8 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.6%

JSON

Related for CVE-2013-1450

cvelist2 nvd2 prion2 seebug1 openvas2 cve1