CVE-2003-1559 — Sensitive Information Exposure in Microsoft IE

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

39.9%

top 2.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft IE Microsoft Internet Explorer

Timeline

PublishedDec 31

Latest updateApr 29

Description

Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmicrosoft/internet_explorer5.5, 6+1

▶NVDmicrosoft/ie5.22

🔴Vulnerability Details

GHSA

GHSA-5g87-97pw-p9m9: Microsoft Internet Explorer 5↗2022-04-29

▶

CVEList

CVE-2003-1559: Microsoft Internet Explorer 5↗2008-07-14

▶