7.1
CVE-2008-1544
- EPSS 26.32%
- Veröffentlicht 28.03.2008 23:44:00
- Zuletzt bearbeitet 16.06.2026 22:51:56
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length header, (2) access arbitrary virtual hosts via a modified Host header, (3) bypass referrer restrictions via an incorrect Referer header, and (4) bypass the same-origin policy and obtain sensitive information via a crafted request header.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Internet Explorer Version5.01 Updatesp4
Microsoft ≫ Internet Explorer Version6 Updatesp1
Microsoft ≫ Internet Explorer Version6
Microsoft ≫ Windows Server 2003
Microsoft ≫ Windows Server 2003 Updatesp1
Microsoft ≫ Windows Server 2003 Updatesp1 Editionitanium
Microsoft ≫ Windows Server 2003 Updatesp2
Microsoft ≫ Windows Xp Editionx64
Microsoft ≫ Windows Xp Updatesp2
Microsoft ≫ Windows Xp Updatesp2 Editionpro_x64
Microsoft ≫ Windows Xp Updatesp3
Microsoft ≫ Windows Server 2003 Updatesp1
Microsoft ≫ Windows Server 2003 Updatesp1 Editionitanium
Microsoft ≫ Windows Server 2003 Updatesp2
Microsoft ≫ Windows Xp Editionx64
Microsoft ≫ Windows Xp Updatesp2
Microsoft ≫ Windows Xp Updatesp2 Editionpro_x64
Microsoft ≫ Windows Xp Updatesp3
Microsoft ≫ Internet Explorer Version7
Microsoft ≫ Windows Server 2003
Microsoft ≫ Windows Server 2003 Updatesp1
Microsoft ≫ Windows Server 2003 Updatesp1 Editionitanium
Microsoft ≫ Windows Server 2003 Updatesp2
Microsoft ≫ Windows Server 2008
Microsoft ≫ Windows Server 2008 Editionitanium
Microsoft ≫ Windows Server 2008 Editionx64
Microsoft ≫ Windows Vista
Microsoft ≫ Windows Vista Editionx64
Microsoft ≫ Windows Vista Updatesp1
Microsoft ≫ Windows Xp Editionpro_x64
Microsoft ≫ Windows Xp Updatesp2
Microsoft ≫ Windows Xp Updatesp2 Editionpro_x64
Microsoft ≫ Windows Xp Updatesp3
Microsoft ≫ Windows Server 2003 Updatesp1
Microsoft ≫ Windows Server 2003 Updatesp1 Editionitanium
Microsoft ≫ Windows Server 2003 Updatesp2
Microsoft ≫ Windows Server 2008
Microsoft ≫ Windows Server 2008 Editionitanium
Microsoft ≫ Windows Server 2008 Editionx64
Microsoft ≫ Windows Vista
Microsoft ≫ Windows Vista Editionx64
Microsoft ≫ Windows Vista Updatesp1
Microsoft ≫ Windows Xp Editionpro_x64
Microsoft ≫ Windows Xp Updatesp2
Microsoft ≫ Windows Xp Updatesp2 Editionpro_x64
Microsoft ≫ Windows Xp Updatesp3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 26.32% | 0.977 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 8.6 | 6.9 |
AV:N/AC:M/Au:N/C:C/I:N/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://marc.info/?l=bugtraq&m=121380194923597&w=2
http://www.us-cert.gov/cas/techalerts/TA08-162B.html
http://secunia.com/advisories/29453
http://securityreason.com/securityalert/3785
http://www.mindedsecurity.com/MSA02240108.html
http://www.securityfocus.com/archive/1/489954/100/0/threaded
http://www.securityfocus.com/bid/28379
http://www.securitytracker.com/id?1020226
http://www.vupen.com/english/advisories/2008/0980
http://www.vupen.com/english/advisories/2008/1778
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-031
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5291