Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2003-1025
Last Modified 10 Sep 2008 12:00:00
Published 20 Jan 2004 12:00:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2003-1025

Summary

Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."

Vulnerable Systems

Application

  • Microsoft IE 6.0


References

CERT - TA04-033A

CERT-VN - VU#652278

XF - ie-domain-url-spoofing(13935)

MISC - http://www.zapthedingbat.com/security/ex01/vun1.htm

BUGTRAQ - 20031209 Internet Explorer URL parsing vulnerability

MS - MS04-004


Last Updated: 27 May 2016 10:38:08