ID CVE-2004-0845
Summary Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.
References
Vulnerable Configurations
  • Microsoft Internet Explorer 5.01
    cpe:2.3:a:microsoft:ie:5.01
  • Microsoft ie 5.5
    cpe:2.3:a:microsoft:ie:5.5
  • cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1
    cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1
CVSS
Base: 6.4 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
oval via4
  • accepted 2014-02-24T04:02:53.847-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name John Hoyland
      organization Centennial Software
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.
    family windows
    id oval:org.mitre.oval:def:2219
    status accepted
    submitted 2004-10-26T04:00:00.000-04:00
    title IE v6.0 SSL Cached Content Vulnerability
    version 69
  • accepted 2014-02-24T04:03:17.096-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.
    family windows
    id oval:org.mitre.oval:def:3872
    status accepted
    submitted 2004-10-26T12:00:00.000-04:00
    title IE v6.0,SP1 (Server 2003) SSL Cached Content Vulnerability
    version 69
  • accepted 2014-02-24T04:03:21.476-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.
    family windows
    id oval:org.mitre.oval:def:5150
    status accepted
    submitted 2005-01-18T12:00:00.000-04:00
    title IE v5.01, SP4 SSL Cached Content Vulnerability
    version 68
  • accepted 2014-02-24T04:03:23.268-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.
    family windows
    id oval:org.mitre.oval:def:5520
    status accepted
    submitted 2005-01-18T12:00:00.000-04:00
    title IE v5.5, SP2 SSL Cached Content Vulnerability
    version 68
  • accepted 2014-02-24T04:03:23.836-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.
    family windows
    id oval:org.mitre.oval:def:5740
    status accepted
    submitted 2004-10-26T02:20:00.000-04:00
    title IE v6.0,SP1 SSL Cached Content Vulnerability
    version 69
  • accepted 2014-02-24T04:03:26.721-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.
    family windows
    id oval:org.mitre.oval:def:7611
    status accepted
    submitted 2004-10-26T02:09:00.000-04:00
    title IE v5.01,SP3 SSL Cached Content Vulnerability
    version 68
refmap via4
bugtraq 20041013 ACROS Security: Poisoning Cached HTTPS Documents in Internet Explorer
cert TA04-293A
cert-vn VU#795720
misc http://www.acrossecurity.com/aspr/ASPR-2004-10-13-1-PUB.txt
ms MS04-038
xf
  • ie-cache-ssl-obtain-information(17654)
  • ie-ms04038-patch(17651)
Last major update 17-10-2016 - 22:49
Published 03-11-2004 - 00:00
Last modified 12-10-2018 - 17:35
Back to Top