Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5277

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-5277
Last Modified 15 Nov 2008 02:00:28
Published 08 Oct 2007 07:17:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5277

Summary

Microsoft Internet Explorer 6 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80, a different issue than CVE-2006-4560.

Vulnerable Systems

Application

  • Microsoft Ie 6

  • Microsoft Ie 6.0


References

OSVDB - 45525

MISC - http://crypto.stanford.edu/dns/dns-rebinding.pdf


Last Updated: 27 May 2016 10:46:08