CVE-2001-0339
CVSS 7.5
Published: 2001-06-27 00:00:00
Last revised: 2008-09-05 16:23:52

[Original] Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability."


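[CNNVD] Microsoft IE SSL spoofing vulnerability (CNNVD-200106-144)

        Internet Explorer 5.5 and earlier versions contain a vulnerability. A remote attacker can display a URL in the address bar that differs from the URL actually being displayed. This could be used in web site spoofing attacks, and is also known as the "Web page spoofing vulnerability".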

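- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]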

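- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (technical details for detection)

oval:org.mitre.oval:def:1096 IE Web Page Spoofing Vulnerability
*OVAL describes in detail how to detect this vulnerability; more technical detail on detecting it can be found in the relevant OVAL definition.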

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0339
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0339
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200106-144
(official data source) CNNVD

- Other links and resources

http://www.microsoft.com/technet/security/bulletin/MS01-027.asp
(VENDOR_ADVISORY)  MS  MS01-027
http://xforce.iss.net/static/6556.php
(UNKNOWN)  XF  ie-html-url-spoofing(6556)
http://www.securityfocus.com/bid/2737
(UNKNOWN)  BID  2737
http://www.osvdb.org/5694
(UNKNOWN)  OSVDB  5694
http://www.ciac.org/ciac/bulletins/l-087.shtml
(UNKNOWN)  CIAC  L-087

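- Vulnerability information

Microsoft IE SSL spoofing vulnerability
High risk  Unknown
2001-06-27 00:00:00 2005-10-12 00:00:00
Remote
        Internet Explorer 5.5 and earlier versions contain a vulnerability. A remote attacker can display a URL in the address bar that differs from the URL actually being displayed. This could be used in web site spoofing attacks, and is also known as the "Web page spoofing vulnerability".

- Advisories and patches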

        Microsoft has released a patch which rectifies this issue:
        http://www.microsoft.com/windows/ie/download/critical/q295106/default.asp
        Service Pack 2 for Internet Explorer 5.5 fixes this issue:
        http://download.microsoft.com/download/ie55sp2/install/5.5_sp2/win98me/en-us/ie5setup.exe
        Microsoft Internet Explorer 5.5 SP1
        
        Microsoft Internet Explorer 5.5
        

- Vulnerability information

5694
Microsoft IE Address Bar URL Spoofing
Remote / Network Access
Loss of Confidentiality
Exploit Public

- Vulnerability description

Microsoft Internet Explorer has an issue that may allow a web site to display an arbitrary URL in the address bar different to the one actually being visited. This would allow a malicious site to spoof the contents of a legitimate site in an attempt to steal sensitive data from users. This can take place within an SSL session to further add to the legitimacy of the spoof.

- Timeline

2001-05-06 Unknown
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

- Related references

- Vulnerability author

 

 
