4.3
CVE-2008-1545
- EPSS 11.84%
- Veröffentlicht 28.03.2008 23:44:00
- Zuletzt bearbeitet 16.06.2026 22:51:56
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a "Transfer-Encoding: chunked" header and a request body with an incorrect chunk size.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Internet Explorer Version7.0
Microsoft ≫ Internet Explorer Version7.0.5730.11
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 11.84% | 0.956 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://secunia.com/advisories/29453
http://www.vupen.com/english/advisories/2008/0980
http://securityreason.com/securityalert/3786
http://www.mindedsecurity.com/MSA01240108.html
http://www.securityfocus.com/archive/1/489960/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/42804