CVE-2005-4827
 
- Severity Score: 7.5 (CVSS v2)
- Public Exploits: 1 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks.
Credits: N/A
Timeline
- 2005-12-31 CVE Published
- 2007-02-07 CVE Reserved
- 2024-08-08 CVE Updated
- 2024-08-08 First Exploit
- 2024-10-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
References (4)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/archive/1/459172/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/14969 | Vdb Entry | |

URL | Date | SRC |
---|---|---|
http://www.securityfocus.com/archive/1/411585 | 2024-08-08 | |
http://seclists.org/fulldisclosure/2007/Feb/0081.html | 2021-07-23 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Microsoft | Ie | 6 | microsoft_windows_server_2003_sp1 | Affected |
Microsoft | Ie | 6 | windows_2000 | Affected |
Microsoft | Ie | 6 | windows_server_2003 | Affected |
Microsoft | Ie | 6 | windows_xp_professional_64bit | Affected |
Microsoft | Ie | 6 | sp1, windows_98 | Affected |
Microsoft | Ie | 6 | sp1, windows_98_se | Affected |
Microsoft | Ie | 6 | sp1, windows_millennium | Affected |
Microsoft | Ie | 6 | sp1, windows_xpsp1 | Affected |
Microsoft | Ie | 6 | windows_2000_sp4 | Affected |
Microsoft | Ie | 6 | windows_server_2003_sp1 | Affected |
Microsoft | Ie | 6 | windows_server_2003_sp1_itanium | Affected |
Microsoft | Ie | 6 | windows_server_2003_sp1_itanium_systems | Affected |
Microsoft | Ie | 6 | windows_xp_sp2 | Affected |
Microsoft | Ie | 6.0 | windows_server | Affected |
Microsoft | Ie | 6.0 | windows_server_2003 | Affected |
Microsoft | Ie | 6.0 | windowsxp | Affected |
Microsoft | Ie | 6.0 | sp1 | Affected |
Microsoft | Ie | 6.0 | sp1, windows_2000 | Affected |
Microsoft | Ie | 6.0 | sp1, windows_xp | Affected |
Microsoft | Ie | 6.0 | sp2 | Affected |
Microsoft | Ie | 6.0 | sp2, windows_xp | Affected |
Microsoft | Ie | 6.0 | windows_xp_sp2 | Affected |
Microsoft | Internet Explorer | 6 | sp1 | Affected |
Microsoft | Internet Explorer | 6.0 | - | Affected |
Microsoft | Internet Explorer | 6.0.2600 | - | Affected |
Microsoft | Internet Explorer | 6.0.2800 | - | Affected |
Microsoft | Internet Explorer | 6.0.2800.1106 | - | Affected |
Microsoft | Internet Explorer | 6.0.2900.2180 | - | Affected |
Canon | Network Camera Server Vb101 | * | - | Affected |