Lucene search

K

[email protected]NVD:CVE-2009-4074

HistoryNov 25, 2009 - 6:30 p.m.

CVE-2009-4074

2009-11-2518:30:00

[email protected]

web.nvd.nist.gov

1

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.0%

The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the “response-changing mechanism” to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an HTML attribute, aka “XSS Filter Script Handling Vulnerability.”

Affected configurations

NVD

Node

microsoftinternet_explorerMatch8

References

hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/

www.owasp.org/images/5/50/OWASP-Italy_Day_IV_Maone.pdf

www.securityfocus.com/bid/37135

www.theregister.co.uk/2009/11/20/internet_explorer_security_flaw/

docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7715

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.0%

Related for NVD:CVE-2009-4074

openvas4 prion2 cvelist2 cve2 nvd1 securityvulns2 mskb1 nessus1