7.5

CVE-2005-4827

Exploit

EPSS 19.03%
Published 31.12.2005 05:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces.  NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks.

Affected products Warnungen 0 Metrics 2 CWE 0 References 7

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Ie Version6 Editionmicrosoft_windows_server_2003_sp1

Microsoft ≫ Ie Version6 Editionwindows_2000

Microsoft ≫ Ie Version6 Editionwindows_server_2003

Microsoft ≫ Ie Version6 Editionwindows_xp_professional_64bit

Microsoft ≫ Ie Version6 Updatesp1 Editionwindows_98

Microsoft ≫ Ie Version6 Updatesp1 Editionwindows_98_se

Microsoft ≫ Ie Version6 Updatesp1 Editionwindows_millennium

Microsoft ≫ Ie Version6 Updatesp1 Editionwindows_xpsp1

Microsoft ≫ Ie Version6 Updatewindows_2000_sp4

Microsoft ≫ Ie Version6 Updatewindows_server_2003_sp1

Microsoft ≫ Ie Version6 Updatewindows_server_2003_sp1_itanium

Microsoft ≫ Ie Version6 Updatewindows_server_2003_sp1_itanium_systems

Microsoft ≫ Ie Version6 Updatewindows_xp_sp2

Microsoft ≫ Ie Version6.0 Editionwindows_server

Microsoft ≫ Ie Version6.0 Editionwindows_server_2003

Microsoft ≫ Ie Version6.0 Editionwindowsxp

Microsoft ≫ Ie Version6.0 Updatesp1

Microsoft ≫ Ie Version6.0 Updatesp1 Editionwindows_2000

Microsoft ≫ Ie Version6.0 Updatesp1 Editionwindows_xp

Microsoft ≫ Ie Version6.0 Updatesp2

Microsoft ≫ Ie Version6.0 Updatesp2 Editionwindows_xp

Microsoft ≫ Ie Version6.0 Updatewindows_xp_sp2

Microsoft ≫ Internet Explorer Version6 Updatesp1

Microsoft ≫ Internet Explorer Version6.0

Microsoft ≫ Internet Explorer Version6.0.2600

Microsoft ≫ Internet Explorer Version6.0.2800

Microsoft ≫ Internet Explorer Version6.0.2800.1106

Microsoft ≫ Internet Explorer Version6.0.2900.2180

Canon ≫ Network Camera Server Vb101

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	19.03%	0.951

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://seclists.org/fulldisclosure/2007/Feb/0081.html

Vendor Advisory

http://www.securityfocus.com/archive/1/411585

Exploit

http://www.securityfocus.com/archive/1/459172/100/0/threaded

http://www.securityfocus.com/bid/14969

https://nvd.nist.gov/vuln/detail/CVE-2005-4827

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-4827

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-4827

EUVD