Vulnerability CVE-2005-4827


Published: 2005-12-31   Modified: 2012-02-12

Description:
Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks.

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Microsoft -> IE 
Canon -> Network camera server vb101 

 References:
http://seclists.org/fulldisclosure/2007/Feb/0081.html
http://www.securityfocus.com/archive/1/411585
http://www.securityfocus.com/archive/1/459172/100/0/threaded
http://www.securityfocus.com/bid/14969

Copyright 2024, cxsecurity.com

 

Back to Top