ID CVE-2005-2830
Summary Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:ie:5.0.1:sp4:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.0.1:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 12-10-2018 - 21:37)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
oval via4
  • accepted 2014-02-24T04:00:08.025-05:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1097
    status accepted
    submitted 2005-12-13T12:00:00.000-04:00
    title Win2K/XP,SP1 HTTPS Proxy Vulnerability
    version 70
  • accepted 2014-02-24T04:00:08.222-05:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1101
    status accepted
    submitted 2005-12-13T12:00:00.000-04:00
    title WinXP,SP1 (64-bit) HTTPS Proxy Vulnerability
    version 70
  • accepted 2014-02-24T04:00:09.290-05:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1143
    status accepted
    submitted 2005-12-13T12:00:00.000-04:00
    title Server 2003,SP1 HTTPS Proxy Vulnerability
    version 70
  • accepted 2014-02-24T04:00:13.966-05:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1317
    status accepted
    submitted 2005-12-13T12:00:00.000-04:00
    title Server 2003 HTTPS Proxy Vulnerability
    version 69
  • accepted 2014-02-24T04:00:16.984-05:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Dragos Prisaca
      organization Gideon Technologies, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1435
    status accepted
    submitted 2005-12-13T12:00:00.000-04:00
    title WinXP,SP2 HTTPS Proxy Vulnerability
    version 71
  • accepted 2014-02-24T04:00:19.447-05:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Anna Min
      organization BigFix, Inc
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."
    family windows
    id oval:org.mitre.oval:def:1521
    status accepted
    submitted 2005-12-13T12:00:00.000-04:00
    title Win2K,SP4 HTTPS Proxy Vulnerability
    version 70
refmap via4
bid 15825
confirm http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf
misc http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420
ms MS05-054
sectrack 1015350
secunia
  • 15368
  • 18064
  • 18311
vupen
  • ADV-2005-2867
  • ADV-2005-2909
xf ie-https-proxy-information-disclosure(23451)
vulnerable_product via4
  • cpe:2.3:a:microsoft:ie:5.0.1:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
Last major update 12-10-2018 - 21:37
Published 14-12-2005 - 11:03
Back to Top