Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.1
CVE Id CVE-2008-1544
Last Modified 14 Jun 2011 12:00:00
Published 28 Mar 2008 07:44:00
Confidentiality Impact COMPLETE
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1544

Summary

The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length header, (2) access arbitrary virtual hosts via a modified Host header, (3) bypass referrer restrictions via an incorrect Referer header, and (4) bypass the same-origin policy and obtain sensitive information via a crafted request header.

Vulnerable Systems

Application

  • Microsoft Internet Explorer 5.01

  • Microsoft Internet Explorer 6

  • Microsoft Internet Explorer 7


References

CERT - TA08-162B

BID - 28379

MS - MS08-031

VUPEN - ADV-2008-1778

VUPEN - ADV-2008-0980

SECTRACK - 1020226

BUGTRAQ - 20080321 [MSA02240108] IE7 allows overwriting of several headers leading to Http request Splitting and smuggling.

MISC - http://www.mindedsecurity.com/MSA02240108.html

SREASON - 3785

SECUNIA - 29453

HP - HPSBST02344

HP - SSRT080087


Last Updated: 27 May 2016 10:47:28