
CVSS: 4.3 EPSS: 97% CPEs: 1 EXPL: 4

Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability." Internet Explorer 6, and possibly other versions, allows remote attackers to spoof the domain of a URL via a "%01" character before an "@" (at sign) character in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar. • https://www.exploit-db.com/exploits/23422 https://www.exploit-db.com/exploits/23423 https://www.exploit-db.com/exploits/23465 http://www.kb.cert.org/vuls/id/652278 http://www.securityfocus.com/archive/1/346948 http://www.us-cert.gov/cas/techalerts/TA04-033A.html http://www.zapthedingbat.com/security/ex01/vun1.htm https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004 https://exchange.xforce.ibmcloud.com/vulnerabilities/13935 https://oval.cisecu • CWE-20: Improper Input Validation •

CVSS: 5.0 EPSS: 3% CPEs: 4 EXPL: 0

Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. • http://securityreason.com/securityalert/3989 http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html http://www.securityfocus.com/archive/1/348360 http://www.securityfocus.com/archive/1/348574 http://www.securityfocus.com/bid/9295 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3 EPSS: 6% CPEs: 1 EXPL: 4

Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) by creating a web page or HTML e-mail with a textarea in a div element whose scrollbar-base-color is modified by a CSS style, which is then moved. • https://www.exploit-db.com/exploits/23273 http://securityreason.com/securityalert/3295 http://www.securityfocus.com/archive/1/342010 http://www.securityfocus.com/bid/8874 https://exchange.xforce.ibmcloud.com/vulnerabilities/13809 •

CVSS: 5.0 EPSS: 0% CPEs: 1 EXPL: 1

Microsoft Internet Explorer allows remote attackers to cause a denial of service (resource consumption) via a Javascript src attribute that recursively loads the current web page. • http://archive.cert.uni-stuttgart.de/archive/bugtraq/2003/07/msg00068.html http://www.osvdb.org/2291 •

CVSS: 2.6 EPSS: 1% CPEs: 4 EXPL: 0

Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered. • http://www.kb.cert.org/vuls/id/813208 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032 https://exchange.xforce.ibmcloud.com/vulnerabilities/13029 •