Vulnerability in N/a
CVE-2008-1544
The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote…
EPSS: 0.512 (97.9th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- MS08-031 (x_refsource_MS, vendor-advisory)
- www.mindedsecurity.com/MSA02240108.html (x_refsource_MISC)
- 29453 (x_refsource_SECUNIA, third-party-advisory)
- oval:org.mitre.oval:def:5291 (x_refsource_OVAL, signature, vdb-entry)
- ADV-2008-1778 (vdb-entry, x_refsource_VUPEN)
- 1020226 (vdb-entry, x_refsource_SECTRACK)
- TA08-162B (x_refsource_CERT, third-party-advisory)
- HPSBST02344 (x_refsource_HP, vendor-advisory)
- 28379 (vdb-entry, x_refsource_BID)
- 20080321 [MSA02240108] IE7 allows overwriting of several headers leading to Http request Splitting and smuggling. (mailing-list, x_refsource_BUGTRAQ)