4.3

CVE-2008-1545

Exploit
The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not restrict the dangerous Transfer-Encoding HTTP request header, which allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via a POST containing a "Transfer-Encoding: chunked" header and a request body with an incorrect chunk size.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftInternet Explorer Version7.0
MicrosoftInternet Explorer Version7.0.5730.11
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 11.84% 0.956
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/29453
Vendor Advisory
http://www.vupen.com/english/advisories/2008/0980
http://securityreason.com/securityalert/3786
http://www.mindedsecurity.com/MSA01240108.html
Exploit
http://www.securityfocus.com/archive/1/489960/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/42804