5.8

CVE-2007-5355

The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftInternet Explorer Version5.01 Updatesp4
   MicrosoftWindows 2000 Updatesp4
MicrosoftInternet Explorer Version6 Updatesp1
   MicrosoftWindows 2000 Updatesp4
MicrosoftInternet Explorer Version6
   MicrosoftWindows 2003 Server Version64-bit
   MicrosoftWindows 2003 Server Version64-bit_sp2
   MicrosoftWindows 2003 Server Versionitanium_sp1
   MicrosoftWindows 2003 Server Versionitanium_sp2
   MicrosoftWindows 2003 Server Versionsp1
   MicrosoftWindows 2003 Server Versionsp2
   MicrosoftWindows Xp Updatesp2
MicrosoftInternet Explorer Version7
   MicrosoftWindows 2003 Server Version64-bit
   MicrosoftWindows 2003 Server Version64-bit_sp2
   MicrosoftWindows 2003 Server Versionitanium_sp1
   MicrosoftWindows 2003 Server Versionitanium_sp2
   MicrosoftWindows 2003 Server Versionsp1
   MicrosoftWindows 2003 Server Versionsp2
   MicrosoftWindows Vista Editionx64
   MicrosoftWindows Xp Updatesp2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 23.23% 0.958
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N