CVE-2003-1559

Published: Dec 31, 2003Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.

Affected (4)

Products: Microsoft: Ie, Internet Explorer

Microsoft

2 products

Internet Explorer

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Microsoft Ie	Version 5.22
Microsoft Internet Explorer	Version 5.5
Microsoft Internet Explorer	Version 6
Microsoft Internet Explorer	Version 6 sp1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://securityreason.com/securityalert/3989

Source: cve@mitre.org

http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/348360

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/348574

Source: cve@mitre.org

http://www.securityfocus.com/bid/9295

Source: cve@mitre.org

http://securityreason.com/securityalert/3989