← Back

CVE-2005-4827

nvd nist
Published: Dec 31, 2005Modified: Apr 16, 2026

JSON object

Loading...
7.5
Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploitability: 10.0 / Impact: 6.4
Source: NVD

Description

Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks.

Affected (29)

Canon
1 product
Network Camera Server Vb101
Microsoft
2 products
Ie
Internet Explorer
Configuration A
29 vulnerable
Vulnerable SoftwareAffected Versions
Network Camera Server Vb101
All versions
Microsoft
Ie
Version 6.0
Ie
Version 6.0
Ie
Version 6.0
Ie
Version 6.0 sp1
Ie
Version 6.0 sp1
Ie
Version 6.0 sp1
Ie
Version 6.0 sp2
Ie
Version 6.0 sp2
Ie
Version 6.0 windows_xp_sp2
Ie
Version 6
Ie
Version 6
Ie
Version 6
Ie
Version 6
Ie
Version 6 sp1
Ie
Version 6 sp1
Ie
Version 6 sp1
Ie
Version 6 sp1
Ie
Version 6 windows_2000_sp4
Ie
Version 6 windows_server_2003_sp1
Ie
Version 6 windows_server_2003_sp1_itanium
Ie
Version 6 windows_server_2003_sp1_itanium_systems
Ie
Version 6 windows_xp_sp2
Microsoft
Internet Explorer
Version 6.0.2600
Internet Explorer
Version 6.0.2800.1106
Internet Explorer
Version 6.0.2800
Internet Explorer
Version 6.0.2900.2180
Internet Explorer
Version 6.0
Internet Explorer
Version 6 sp1

References (8)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.