MicrosoftCVE-2005-2830

HistoryDec 14, 2005 - 11:03 a.m.

CVE-2005-2830

2005-12-1411:03:00

microsoft

web.nvd.nist.gov

cve-2005-2830

microsoft

internet explorer

https

proxy

vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.961

Percentile

99.5%

JSON

Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka “HTTPS Proxy Vulnerability.”

Affected configurations

Nvd

Node

microsoftieMatch6.0sp1

microsoftinternet_explorerMatch5.0.1sp4

microsoftinternet_explorerMatch5.5sp2

microsoftinternet_explorerMatch6.0

VendorProductVersionCPE
microsoftie6.0cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
microsoftinternet_explorer5.0.1cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*
microsoftinternet_explorer5.5cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
microsoftinternet_explorer6.0cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	ie	6.0	cpe:2.3:a:microsoft:ie:6.0:sp1::::::
microsoft	internet_explorer	5.0.1	cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4::::::
microsoft	internet_explorer	5.5	cpe:2.3:a:microsoft:internet_explorer:5.5:sp2::::::
microsoft	internet_explorer	6.0	cpe:2.3:a:microsoft:internet_explorer:6.0:::::::*

References

secunia.com/advisories/15368

secunia.com/advisories/18064

secunia.com/advisories/18311

securitytracker.com/id?1015350

support.avaya.com/elmodocs2/security/ASA-2005-234.pdf

www.securityfocus.com/bid/15825

www.vupen.com/english/advisories/2005/2867

www.vupen.com/english/advisories/2005/2909

www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420

docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054

exchange.xforce.ibmcloud.com/vulnerabilities/23451

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1097

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1101

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1143

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1317

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1435

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1521

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.961

Percentile

99.5%

JSON

Related for CVE-2005-2830