CVE-2008-1544Improper Input Validation in Microsoft Internet Explorer

CWE-20Improper Input Validation2 documents2 sources
Severity
7.1HIGHNVD
EPSS
51.2%
top 2.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedMar 28
Latest updateMay 1

Description

The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length header, (2) access arbitrary virtual hosts via a modified Host header, (3) bypass referrer restrictions via an incorrect Referer header, and (4) b

CVSS vector

AV:N/AC:M/C:C/I:N/A:NExploitability: 8.6 | Impact: 6.9

Affected Packages1 packages

NVDmicrosoft/internet_explorer5.01, 6, 7+2

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

1
GHSA
GHSA-63q6-hp4x-52r6: The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 52022-05-01
CVE-2008-1544 — Improper Input Validation in Microsoft | cvebase