Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2009-0419
HistoryFeb 04, 2009 - 7:30 p.m.

Design/Logic Flaw

2009-02-0419:30:00
PRIOn knowledge base
www.prio-n.com
3

6.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.946 High

EPSS

Percentile

99.3%

JSON

Microsoft XML Core Services, as used in Microsoft Expression Web, Office, Internet Explorer 6 and 7, and other products, does not properly restrict access from web pages to Set-Cookie2 HTTP response headers, which allows remote attackers to obtain sensitive information from cookies via XMLHttpRequest calls, related to the HTTPOnly protection mechanism. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-4033.

Related

nvd 2
cve 2
cvelist 2
seebug 2
prion 1
checkpoint_advisories 1
openvas 4
securityvulns 2
mskb 1
nessus 1
nvd
nvd
CVE-2009-0419
2009-02-04 19:30:00
CVE-2008-4033
2008-11-12 23:30:02
cve
cve
CVE-2009-0419
2009-02-04 19:30:00
CVE-2008-4033
2008-11-12 23:30:02
cvelist
cvelist
CVE-2009-0419
2009-02-04 19:00:00
CVE-2008-4033
2008-11-12 23:00:00
seebug
seebug
Microsoft XML Core Services传输编码跨域信息泄露漏洞(MS08-069)
2008-11-13 00:00:00
Microsoft XML Core Services XMLHttpRequest SetCookie2头信息泄露漏洞
2009-02-19 00:00:00
prion
prion
Cross site scripting
2008-11-12 23:30:00
checkpoint_advisories
checkpoint_advisories
Microsoft XML Core Services Chunked Request (MS08-069; CVE-2008-4033)
2008-11-11 00:00:00
openvas
openvas
Microsoft XML Core Service Information Disclosure Vulnerability
2009-02-18 00:00:00
Microsoft XML Core Service Information Disclosure Vulnerability
2009-02-18 00:00:00
Microsoft XML Core Services Remote Code Execution Vulnerability (955218)
2008-11-12 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS08-069 – Critical Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)
2008-11-12 00:00:00
Microsoft XML multiple security vulnerabilities
2008-11-12 00:00:00
mskb
mskb
MS08-069: Vulnerabilities in Microsoft XML Core Services could allow remote code execution
2018-04-17 20:28:02
nessus
nessus
MS08-069: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)
2008-11-12 00:00:00

6.3 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.946 High

EPSS

Percentile

99.3%

JSON
Related for PRION:CVE-2009-0419
nvd2cve2cvelist2seebug2prion1checkpoint_advisories1openvas4securityvulns2mskb1nessus1