Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (c) 2013 Greenbone Networks GmbHOPENVAS:803305
HistoryFeb 04, 2013 - 12:00 a.m.

MS IE Information Disclosure and Web Site Spoofing Vulnerabilities

2013-02-0400:00:00
Copyright (c) 2013 Greenbone Networks GmbH
plugins.openvas.org
5

0.064 Low

EPSS

Percentile

93.7%

JSON

This host is installed with Microsoft Internet Explorer and is
prone to information disclosure and web site spoofing vulnerabilities.

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ms_ie_info_disc_n_spoof_vuln.nasl 6104 2017-05-11 09:03:48Z teissa $
#
# MS IE Information Disclosure and Web Site Spoofing Vulnerabilities
#
# Authors:
# Arun Kallavi <[email protected]>
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_impact = "Successful exploitation allows attackers to disclose the
sensitive information and view the contents of spoofed site or carry out
phishing attacks.

Impact Level: Application";

tag_affected = "Microsoft Internet Explorer versions 8 and 9";

tag_insight = 
"The proxy settings configuration has same proxy address and value for HTTP
  and HTTPS,
- TCP session to proxy sever will not properly be reused. This allows remote
  attackers to steal cookie information via crafted HTML document.
- SSl lock consistency with address bar is not ensured. This allows remote
  attackers to spoof web sites via a crafted HTML document.";

tag_solution = "No solution or patch was made available for at least one year
since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective
features, remove the product or replace the product by another one.";

tag_summary = "This host is installed with Microsoft Internet Explorer and is
prone to information disclosure and web site spoofing vulnerabilities.";

if(description)
{
  script_id(803305);
  script_version("$Revision: 6104 $");
  script_bugtraq_id(57640, 57641);
  script_cve_id("CVE-2013-1450","CVE-2013-1451");
  script_tag(name:"cvss_base", value:"4.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:P/I:P/A:N");
  script_tag(name:"last_modification", value:"$Date: 2017-05-11 11:03:48 +0200 (Thu, 11 May 2017) $");
  script_tag(name:"creation_date", value:"2013-02-04 11:45:52 +0530 (Mon, 04 Feb 2013)");
  script_name("MS IE Information Disclosure and Web Site Spoofing Vulnerabilities");
  script_xref(name : "URL" , value : "http://pastebin.com/raw.php?i=rz9BcBey");
  script_xref(name : "URL" , value : "http://cxsecurity.com/cveshow/CVE-2013-1450");
  script_xref(name : "URL" , value : "http://cxsecurity.com/cveshow/CVE-2013-1451");
  script_xref(name : "URL" , value : "http://www.security-database.com/detail.php?alert=CVE-2013-1450");
  script_xref(name : "URL" , value : "http://www.security-database.com/detail.php?alert=CVE-2013-1451");

  script_category(ACT_GATHER_INFO);
  script_tag(name:"qod_type", value:"registry");
  script_copyright("Copyright (c) 2013 Greenbone Networks GmbH");
  script_family("Windows");
  script_dependencies("gb_ms_ie_detect.nasl");
  script_require_keys("MS/IE/Version");
  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name:"solution_type", value:"WillNotFix");
  exit(0);
}


# Variable Initialization
ieVer = "";

# Check for product Internet Explorer
ieVer = get_kb_item("MS/IE/Version");

# Check for Internet Explorer version
if(ieVer && ieVer =~ "^(8|9)"){
  security_message(0);
}

Related

cve 2
prion 2
cvelist 2
openvas 1
nvd 2
seebug 3
exploitpack 1
exploitdb 1
cve
cve
CVE-2013-1451
2022-10-03 16:14:47
CVE-2013-1450
2022-10-03 16:14:46
prion
prion
Design/Logic Flaw
2013-01-29 12:27:00
Design/Logic Flaw
2013-01-29 12:27:00
cvelist
cvelist
CVE-2013-1451
2022-10-03 16:14:47
CVE-2013-1450
2022-10-03 16:14:46
openvas
openvas
Microsoft Internet Explorer Information Disclosure and Web Site Spoofing Vulnerabilities
2013-02-04 00:00:00
nvd
nvd
CVE-2013-1451
2013-01-29 12:27:01
CVE-2013-1450
2013-01-29 12:27:01
seebug
seebug
Internet Explorer 8 & Internet Explorer 9 - Steal any Cookie
2014-07-01 00:00:00
Microsoft Internet Explorer 信息泄露漏洞(CVE-2013-1450)
2013-02-03 00:00:00
Microsoft Internet Explorer地址栏 URI欺骗漏洞(CVE-2013-1451)
2013-02-03 00:00:00
exploitpack
exploitpack
Microsoft Internet Explorer 89 - Steal Any Cookie
2013-01-28 00:00:00
exploitdb
exploitdb
Microsoft Internet Explorer 8/9 - Steal Any Cookie
2013-01-28 00:00:00

0.064 Low

EPSS

Percentile

93.7%

JSON
Related for OPENVAS:803305
cve2prion2cvelist2openvas1nvd2seebug3exploitpack1exploitdb1