// For flags

CVE-2005-4827

 

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2005-12-31 CVE Published
  • 2007-02-07 CVE Reserved
  • 2024-08-08 CVE Updated
  • 2024-08-08 First Exploit
  • 2024-10-13 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microsoft
Search vendor "Microsoft"
Ie
Search vendor "Microsoft" for product "Ie"
6
Search vendor "Microsoft" for product "Ie" and version "6"
microsoft_windows_server_2003_sp1
Affected
Microsoft
Search vendor "Microsoft"
Ie
Search vendor "Microsoft" for product "Ie"
6
Search vendor "Microsoft" for product "Ie" and version "6"
windows_2000
Affected
Microsoft
Search vendor "Microsoft"
Ie
Search vendor "Microsoft" for product "Ie"
6
Search vendor "Microsoft" for product "Ie" and version "6"
windows_server_2003
Affected
Microsoft
Search vendor "Microsoft"
Ie
Search vendor "Microsoft" for product "Ie"
6
Search vendor "Microsoft" for product "Ie" and version "6"
windows_xp_professional_64bit
Affected
Microsoft
Search vendor "Microsoft"
Ie
Search vendor "Microsoft" for product "Ie"
6
Search vendor "Microsoft" for product "Ie" and version "6"
sp1, windows_98
Affected
Microsoft
Search vendor "Microsoft"
Ie
Search vendor "Microsoft" for product "Ie"
6
Search vendor "Microsoft" for product "Ie" and version "6"
sp1, windows_98_se
Affected
Microsoft
Search vendor "Microsoft"
Ie
Search vendor "Microsoft" for product "Ie"
6
Search vendor "Microsoft" for product "Ie" and version "6"
sp1, windows_millennium
Affected
Microsoft
Search vendor "Microsoft"
Ie
Search vendor "Microsoft" for product "Ie"
6
Search vendor "Microsoft" for product "Ie" and version "6"
sp1, windows_xpsp1
Affected
Microsoft
Search vendor "Microsoft"
Ie
Search vendor "Microsoft" for product "Ie"
6
Search vendor "Microsoft" for product "Ie" and version "6"
windows_2000_sp4
Affected
Microsoft
Search vendor "Microsoft"
Ie
Search vendor "Microsoft" for product "Ie"
6
Search vendor "Microsoft" for product "Ie" and version "6"
windows_server_2003_sp1
Affected
Microsoft
Search vendor "Microsoft"
Ie
Search vendor "Microsoft" for product "Ie"
6
Search vendor "Microsoft" for product "Ie" and version "6"
windows_server_2003_sp1_itanium
Affected
Microsoft
Search vendor "Microsoft"
Ie
Search vendor "Microsoft" for product "Ie"
6
Search vendor "Microsoft" for product "Ie" and version "6"
windows_server_2003_sp1_itanium_systems
Affected
Microsoft
Search vendor "Microsoft"
Ie
Search vendor "Microsoft" for product "Ie"
6
Search vendor "Microsoft" for product "Ie" and version "6"
windows_xp_sp2
Affected
Microsoft
Search vendor "Microsoft"
Ie
Search vendor "Microsoft" for product "Ie"
6.0
Search vendor "Microsoft" for product "Ie" and version "6.0"
windows_server
Affected
Microsoft
Search vendor "Microsoft"
Ie
Search vendor "Microsoft" for product "Ie"
6.0
Search vendor "Microsoft" for product "Ie" and version "6.0"
windows_server_2003
Affected
Microsoft
Search vendor "Microsoft"
Ie
Search vendor "Microsoft" for product "Ie"
6.0
Search vendor "Microsoft" for product "Ie" and version "6.0"
windowsxp
Affected
Microsoft
Search vendor "Microsoft"
Ie
Search vendor "Microsoft" for product "Ie"
6.0
Search vendor "Microsoft" for product "Ie" and version "6.0"
sp1
Affected
Microsoft
Search vendor "Microsoft"
Ie
Search vendor "Microsoft" for product "Ie"
6.0
Search vendor "Microsoft" for product "Ie" and version "6.0"
sp1, windows_2000
Affected
Microsoft
Search vendor "Microsoft"
Ie
Search vendor "Microsoft" for product "Ie"
6.0
Search vendor "Microsoft" for product "Ie" and version "6.0"
sp1, windows_xp
Affected
Microsoft
Search vendor "Microsoft"
Ie
Search vendor "Microsoft" for product "Ie"
6.0
Search vendor "Microsoft" for product "Ie" and version "6.0"
sp2
Affected
Microsoft
Search vendor "Microsoft"
Ie
Search vendor "Microsoft" for product "Ie"
6.0
Search vendor "Microsoft" for product "Ie" and version "6.0"
sp2, windows_xp
Affected
Microsoft
Search vendor "Microsoft"
Ie
Search vendor "Microsoft" for product "Ie"
6.0
Search vendor "Microsoft" for product "Ie" and version "6.0"
windows_xp_sp2
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
6
Search vendor "Microsoft" for product "Internet Explorer" and version "6"
sp1
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
6.0
Search vendor "Microsoft" for product "Internet Explorer" and version "6.0"
-
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
6.0.2600
Search vendor "Microsoft" for product "Internet Explorer" and version "6.0.2600"
-
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
6.0.2800
Search vendor "Microsoft" for product "Internet Explorer" and version "6.0.2800"
-
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
6.0.2800.1106
Search vendor "Microsoft" for product "Internet Explorer" and version "6.0.2800.1106"
-
Affected
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
6.0.2900.2180
Search vendor "Microsoft" for product "Internet Explorer" and version "6.0.2900.2180"
-
Affected
Canon
Search vendor "Canon"
Network Camera Server Vb101
Search vendor "Canon" for product "Network Camera Server Vb101"
*-
Affected