Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0845

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2004-0845
Last Modified 15 Aug 2013 12:31:52
Published 03 Nov 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0845

Summary

Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.

Vulnerable Systems

Application

  • Microsoft Ie 5.01

  • Microsoft Ie 5.5

  • Microsoft Ie 6


References

CERT - TA04-293A

CERT-VN - VU#795720

XF - ie-cache-ssl-obtain-information(17654)

MS - MS04-038

BUGTRAQ - 20041013 ACROS Security: Poisoning Cached HTTPS Documents in Internet Explorer

XF - ie-ms04038-patch(17651)

MISC - http://www.acrossecurity.com/aspr/ASPR-2004-10-13-1-PUB.txt


Last Updated: 27 May 2016 10:38:46