ID CVE-2002-0648
Summary The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.01:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 23-07-2021 - 12:55)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
oval via4
  • accepted 2014-02-24T04:00:06.804-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.
    family windows
    id oval:org.mitre.oval:def:1026
    status accepted
    submitted 2005-06-22T12:00:00.000-04:00
    title IE5.01,SP3 File Disclosure via Redirects Vulnerability
    version 67
  • accepted 2014-02-24T04:00:09.649-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Maria Mikhno
      organization ALTX-SOFT
    description data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.
    family windows
    id oval:org.mitre.oval:def:1148
    status accepted
    submitted 2005-06-22T12:00:00.000-04:00
    title IE6 Installed XP,SP2 File Disclosure via Redirects Vulnerability
    version 66
  • accepted 2014-02-24T04:00:10.519-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.
    family windows
    id oval:org.mitre.oval:def:1207
    status accepted
    submitted 2005-06-22T12:00:00.000-04:00
    title IE6,SP1 File Disclosure via Redirects Vulnerability
    version 67
  • accepted 2014-02-24T04:03:24.264-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Sudhir Gandhe
      organization Telos
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.
    family windows
    id oval:org.mitre.oval:def:608
    status accepted
    submitted 2005-06-22T12:00:00.000-04:00
    title IE6 for Server 2003 File Disclosure via Redirects Vulnerability
    version 71
  • accepted 2014-02-24T04:03:27.096-05:00
    class vulnerability
    contributors
    • name Harvey Rubinovitz
      organization The MITRE Corporation
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Mikhno
      organization ALTX-SOFT
    description data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.
    family windows
    id oval:org.mitre.oval:def:776
    status accepted
    submitted 2005-06-22T12:00:00.000-04:00
    title IE5.01,SP4 File Disclosure via Redirects Vulnerability
    version 67
refmap via4
bid 5560
bugtraq 20020823 Accessing remote/local content in IE (GM#009-IE)
xf ie-xml-redirect-read-files(9936)
Last major update 23-07-2021 - 12:55
Published 24-09-2002 - 04:00
Last modified 23-07-2021 - 12:55
Back to Top