Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2009-0419
HistoryFeb 04, 2009 - 7:30 p.m.

CVE-2009-0419

2009-02-0419:30:00
CWE-264
[email protected]
web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.946 High

EPSS

Percentile

99.3%

JSON

Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-4033.

Affected configurations

NVD
Node
microsoftxml_core_services

Related

prion 2
cvelist 2
cve 2
seebug 2
nvd 1
checkpoint_advisories 1
openvas 4
securityvulns 2
mskb 1
nessus 1
prion
prion
Design/Logic Flaw
2009-02-04 19:30:00
Cross site scripting
2008-11-12 23:30:00
cvelist
cvelist
CVE-2009-0419
2009-02-04 19:00:00
CVE-2008-4033
2008-11-12 23:00:00
cve
cve
CVE-2009-0419
2009-02-04 19:30:00
CVE-2008-4033
2008-11-12 23:30:02
seebug
seebug
Microsoft XML Core Services传输编码跨域信息泄露漏洞(MS08-069)
2008-11-13 00:00:00
Microsoft XML Core Services XMLHttpRequest SetCookie2头信息泄露漏洞
2009-02-19 00:00:00
nvd
nvd
CVE-2008-4033
2008-11-12 23:30:02
checkpoint_advisories
checkpoint_advisories
Microsoft XML Core Services Chunked Request (MS08-069; CVE-2008-4033)
2008-11-11 00:00:00
openvas
openvas
Microsoft XML Core Service Information Disclosure Vulnerability
2009-02-18 00:00:00
Microsoft XML Core Service Information Disclosure Vulnerability
2009-02-18 00:00:00
Microsoft XML Core Services Remote Code Execution Vulnerability (955218)
2008-11-12 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS08-069 – Critical Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)
2008-11-12 00:00:00
Microsoft XML multiple security vulnerabilities
2008-11-12 00:00:00
mskb
mskb
MS08-069: Vulnerabilities in Microsoft XML Core Services could allow remote code execution
2018-04-17 20:28:02
nessus
nessus
MS08-069: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)
2008-11-12 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.946 High

EPSS

Percentile

99.3%

JSON
Related for NVD:CVE-2009-0419
prion2cvelist2cve2seebug2nvd1checkpoint_advisories1openvas4securityvulns2mskb1nessus1