Vulnerability Details : CVE-2005-4827

Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks.

Published 2005-12-31 05:00:00

Updated 2021-07-23 15:04:42

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2005-4827

Probability of exploitation activity in the next 30 days: 2.72%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 89 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2005-4827

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	[email protected]
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2005-4827

Products affected by CVE-2005-4827

Microsoft » IE » Version: 6 Update Windows Server 2003 Sp1
cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*
Matching versions
Microsoft » IE » Version: 6.0 Update SP1
cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
Matching versions
Microsoft » IE » Version: 6.0 Windows Server 2003 Edition
cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*
Matching versions
Microsoft » IE » Version: 6.0 Update SP2
cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*
Matching versions
Microsoft » IE » Version: 6 Update Windows Xp Sp2
cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*
Matching versions
Microsoft » IE » Version: 6 Windows 2000 Edition
cpe:2.3:a:microsoft:ie:6:*:windows_2000:*:*:*:*:*
Matching versions
Microsoft » IE » Version: 6.0 Update Windows Xp Sp2
cpe:2.3:a:microsoft:ie:6.0:windows_xp_sp2:*:*:*:*:*:*
Matching versions
Microsoft » IE » Version: 6 Update SP1 Windows 98 Se Edition
cpe:2.3:a:microsoft:ie:6:sp1:windows_98_se:*:*:*:*:*
Matching versions
Microsoft » IE » Version: 6 Update SP1 Windows Xpsp1 Edition
cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*
Matching versions
Microsoft » IE » Version: 6 Windows Server 2003 Edition
cpe:2.3:a:microsoft:ie:6:*:windows_server_2003:*:*:*:*:*
Matching versions
Microsoft » IE » Version: 6 Windows Xp Professional 64bit Edition
cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*
Matching versions
Microsoft » IE » Version: 6.0 Windowsxp Edition
cpe:2.3:a:microsoft:ie:6.0:*:windowsxp:*:*:*:*:*
Matching versions
Microsoft » IE » Version: 6.0 Update SP1 Windows 2000 Edition
cpe:2.3:a:microsoft:ie:6.0:sp1:windows_2000:*:*:*:*:*
Matching versions
Microsoft » IE » Version: 6.0 Update SP1 Windows Xp Edition
cpe:2.3:a:microsoft:ie:6.0:sp1:windows_xp:*:*:*:*:*
Matching versions
Microsoft » IE » Version: 6 Update Windows Server 2003 Sp1 Itanium
cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium:*:*:*:*:*:*
Matching versions
Microsoft » IE » Version: 6 Update Windows Server 2003 Sp1 Itanium Systems
cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium_systems:*:*:*:*:*:*
Matching versions
Microsoft » IE » Version: 6.0 Windows Server Edition
cpe:2.3:a:microsoft:ie:6.0:*:windows_server:*:*:*:*:*
Matching versions
Microsoft » IE » Version: 6.0 Update SP2 Windows Xp Edition
cpe:2.3:a:microsoft:ie:6.0:sp2:windows_xp:*:*:*:*:*
Matching versions
Microsoft » IE » Version: 6 Microsoft Windows Server 2003 Sp1 Edition
cpe:2.3:a:microsoft:ie:6:*:microsoft_windows_server_2003_sp1:*:*:*:*:*
Matching versions
Microsoft » IE » Version: 6 Update SP1 Windows 98 Edition
cpe:2.3:a:microsoft:ie:6:sp1:windows_98:*:*:*:*:*
Matching versions
Microsoft » IE » Version: 6 Update SP1 Windows Millennium Edition
cpe:2.3:a:microsoft:ie:6:sp1:windows_millennium:*:*:*:*:*
Matching versions
Microsoft » IE » Version: 6 Update Windows 2000 Sp4
cpe:2.3:a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*
Matching versions
Microsoft » Internet Explorer » Version: 6 Update SP1
cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Internet Explorer » Version: 6.0.2900.2180
cpe:2.3:a:microsoft:internet_explorer:6.0.2900.2180:*:*:*:*:*:*:*
Matching versions
Microsoft » Internet Explorer » Version: 6.0.2800.1106
cpe:2.3:a:microsoft:internet_explorer:6.0.2800.1106:*:*:*:*:*:*:*
Matching versions
Microsoft » Internet Explorer » Version: 6.0
cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
Matching versions
Microsoft » Internet Explorer » Version: 6.0.2600
cpe:2.3:a:microsoft:internet_explorer:6.0.2600:*:*:*:*:*:*:*
Matching versions
Microsoft » Internet Explorer » Version: 6.0.2800
cpe:2.3:a:microsoft:internet_explorer:6.0.2800:*:*:*:*:*:*:*
Matching versions
Canon » Network Camera Server Vb101
cpe:2.3:h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*
Matching versions