Details of VAR-200512-0322

ID

VAR-200512-0322

CVE

CVE-2005-4827

TITLE

Microsoft Internet Explorer XmlHttpRequest Parameter validation vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200512-877

DESCRIPTION

Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks. Microsoft Internet Explorer is prone to a weakness that permits the injection of arbitrary HTTP requests due to improper verification of parameters passed to XmlHttpRequest. An attacker may craft a website that instantiates the affected control and forces the browser to request a site on the same host (or another host in case a forwarding proxy is employed). The attacker would then intercept the response and steal sensitive data to aid in further attacks

Trust: 1.26

sources: NVD: CVE-2005-4827 // BID: 14969 // VULHUB: VHN-16035

AFFECTED PRODUCTS

vendor:	microsoft	model:	ie	scope:	eq	version:	6.0	Trust: 1.6
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	6.0	Trust: 1.3
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	6.0.2900.2180	Trust: 1.0
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	6.0.2800.1106	Trust: 1.0
vendor:	microsoft	model:	ie	scope:	eq	version:	6	Trust: 1.0
vendor:	canon	model:	network camera server vb101	scope:	eq	version:	*	Trust: 1.0
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	6.0.2800	Trust: 1.0
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	6	Trust: 1.0
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	6.0.2600	Trust: 1.0
vendor:	microsoft	model:	ie	scope:	eq	version:	6.0.2800	Trust: 0.6
vendor:	microsoft	model:	ie	scope:	eq	version:	6.0.2600	Trust: 0.6
vendor:	microsoft	model:	ie	scope:	eq	version:	6.0.2800.1106	Trust: 0.6
vendor:	microsoft	model:	ie	scope:	eq	version:	6.0.2900.2180	Trust: 0.6
vendor:	microsoft	model:	internet explorer sp1	scope:	eq	version:	6.0	Trust: 0.3

sources: BID: 14969 // CNNVD: CNNVD-200512-877 // NVD: CVE-2005-4827

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-4827
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200512-877
value:	HIGH
Trust: 0.6
VULHUB:	VHN-16035
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2005-4827
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-16035
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-16035 // CNNVD: CNNVD-200512-877 // NVD: CVE-2005-4827

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-4827

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200512-877

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200512-877

EXTERNAL IDS

db:	NVD	id:	CVE-2005-4827	Trust: 2.0
db:	BID	id:	14969	Trust: 2.0
db:	CNNVD	id:	CNNVD-200512-877	Trust: 0.7
db:	VULHUB	id:	VHN-16035	Trust: 0.1

sources: VULHUB: VHN-16035 // BID: 14969 // CNNVD: CNNVD-200512-877 // NVD: CVE-2005-4827

REFERENCES

url:	http://www.securityfocus.com/bid/14969	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/411585	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/459172/100/0/threaded	Trust: 1.7
url:	http://seclists.org/fulldisclosure/2007/feb/0081.html	Trust: 1.7
url:	/archive/1/411585	Trust: 0.3
url:	/archive/1/459172	Trust: 0.3

sources: VULHUB: VHN-16035 // BID: 14969 // CNNVD: CNNVD-200512-877 // NVD: CVE-2005-4827

CREDITS

Discovery is credited to Amit Klein.

Trust: 0.9

sources: BID: 14969 // CNNVD: CNNVD-200512-877

SOURCES

db:	VULHUB	id:	VHN-16035
db:	BID	id:	14969
db:	CNNVD	id:	CNNVD-200512-877
db:	NVD	id:	CVE-2005-4827

LAST UPDATE DATE

2024-08-14T14:00:31.211000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-16035	date:	2019-10-09T00:00:00
db:	BID	id:	14969	date:	2015-05-12T19:52:00
db:	CNNVD	id:	CNNVD-200512-877	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2005-4827	date:	2021-07-23T15:04:41.580

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-16035	date:	2005-12-31T00:00:00
db:	BID	id:	14969	date:	2005-09-24T00:00:00
db:	CNNVD	id:	CNNVD-200512-877	date:	2005-12-31T00:00:00
db:	NVD	id:	CVE-2005-4827	date:	2005-12-31T05:00:00