CVE-2005-4827Microsoft IE vulnerability

3 documents3 sources
Severity
7.5HIGHNVD
EPSS
18.5%
top 4.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedDec 31
Latest updateMay 1

Description

Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attack

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDmicrosoft/internet_explorer6 versions+5
NVDmicrosoft/ie6, 6.0+1

🔴Vulnerability Details

2
GHSA
GHSA-c25g-j43f-w7p8: Internet Explorer 62022-05-01
CVEList
CVE-2005-4827: Internet Explorer 62007-02-07
CVE-2005-4827 — Microsoft IE vulnerability | cvebase