CVE-2002-1186 - Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded char

CVE-2002-1186

Summary

Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."

References

Vulnerable Configurations

cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 23-07-2021 - 12:55)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

oval via4

accepted

2014-02-24T04:00:16.674-05:00

class

vulnerability

contributors

name Harvey Rubinovitz
organization The MITRE Corporation
name Christine Walzer
organization The MITRE Corporation
name Maria Mikhno
organization ALTX-SOFT

description

family

windows

oval:org.mitre.oval:def:143

status

accepted

submitted

2004-01-27T05:00:00.000-04:00

title

Microsoft IE Encoded Characters Information Disclosure

version

accepted

2014-02-24T04:03:19.599-05:00

class

vulnerability

contributors

name Harvey Rubinovitz
organization The MITRE Corporation
name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Robert L. Hollis
organization ThreatGuard, Inc.
name Maria Mikhno
organization ALTX-SOFT

description

family

windows

oval:org.mitre.oval:def:471

status

accepted

submitted

2003-08-29T12:00:00.000-04:00

title

IE v5.01 Encoded Characters Information Disclosure Vulnerability

version

accepted

2014-02-24T04:03:20.548-05:00

class

vulnerability

contributors

name Harvey Rubinovitz
organization The MITRE Corporation
name Maria Mikhno
organization ALTX-SOFT

description

family

windows

oval:org.mitre.oval:def:495

status

accepted

submitted

2004-01-27T12:00:00.000-04:00

title

IE v5.5 Encoded Characters Information Disclosure Vulnerability

version

refmap via4

bid	5610
bugtraq	20020903 MSIEv6 % encoding causes a problem again 20020904 Re: MSIEv6 % encoding causes a problem again
osvdb	7845
xf	ie-sameoriginpolicy-bypass(10039)

Last major update

23-07-2021 - 12:55

Published

11-12-2002 - 05:00

Last modified

23-07-2021 - 12:55