ID CVE-2004-0845
Summary Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 12-10-2018 - 21:35)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:N
oval via4
  • accepted 2014-02-24T04:02:53.847-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name John Hoyland
      organization Centennial Software
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.
    family windows
    id oval:org.mitre.oval:def:2219
    status accepted
    submitted 2004-10-26T04:00:00.000-04:00
    title IE v6.0 SSL Cached Content Vulnerability
    version 69
  • accepted 2014-02-24T04:03:17.096-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.
    family windows
    id oval:org.mitre.oval:def:3872
    status accepted
    submitted 2004-10-26T12:00:00.000-04:00
    title IE v6.0,SP1 (Server 2003) SSL Cached Content Vulnerability
    version 69
  • accepted 2014-02-24T04:03:21.476-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.
    family windows
    id oval:org.mitre.oval:def:5150
    status accepted
    submitted 2005-01-18T12:00:00.000-04:00
    title IE v5.01, SP4 SSL Cached Content Vulnerability
    version 68
  • accepted 2014-02-24T04:03:23.268-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.
    family windows
    id oval:org.mitre.oval:def:5520
    status accepted
    submitted 2005-01-18T12:00:00.000-04:00
    title IE v5.5, SP2 SSL Cached Content Vulnerability
    version 68
  • accepted 2014-02-24T04:03:23.836-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Christine Walzer
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.
    family windows
    id oval:org.mitre.oval:def:5740
    status accepted
    submitted 2004-10-26T02:20:00.000-04:00
    title IE v6.0,SP1 SSL Cached Content Vulnerability
    version 69
  • accepted 2014-02-24T04:03:26.721-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name John Hoyland
      organization Centennial Software
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jeff Cheng
      organization Opsware, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.
    family windows
    id oval:org.mitre.oval:def:7611
    status accepted
    submitted 2004-10-26T02:09:00.000-04:00
    title IE v5.01,SP3 SSL Cached Content Vulnerability
    version 68
refmap via4
bugtraq 20041013 ACROS Security: Poisoning Cached HTTPS Documents in Internet Explorer
cert TA04-293A
cert-vn VU#795720
misc http://www.acrossecurity.com/aspr/ASPR-2004-10-13-1-PUB.txt
ms MS04-038
xf
  • ie-cache-ssl-obtain-information(17654)
  • ie-ms04038-patch(17651)
Last major update 12-10-2018 - 21:35
Published 03-11-2004 - 05:00
Back to Top