Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4827

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-4827
Last Modified 05 Sep 2008 04:57:56
Published 31 Dec 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4827

Summary

Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks.

Vulnerable Systems

Application

  • Microsoft Ie 6

  • Microsoft Ie 6.0

  • Microsoft Ie 6.0.2600

  • Microsoft Ie 6.0.2800

  • Microsoft Ie 6.0.2800.1106

  • Microsoft Ie 6.0.2900.2180


References

BID - 14969

BUGTRAQ - 20070203 Re: Web 2.0 backdoors made easy with MSIE & XMLHttpRequest

BUGTRAQ - 20070204 Re: Web 2.0 backdoors made easy with MSIE & XMLHttpRequest

BUGTRAQ - 20050924 "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein

FULLDISC - 20070203 Web 2.0 backdoors made easy with MSIE & XMLHttpRequest


Last Updated: 27 May 2016 10:41:27