Vulnerabilities > CVE-2002-1186 - Unspecified vulnerability in Microsoft IE and Internet Explorer
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 8 |
Oval
accepted 2014-02-24T04:00:16.674-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure." family windows id oval:org.mitre.oval:def:143 status accepted submitted 2004-01-27T05:00:00.000-04:00 title Microsoft IE Encoded Characters Information Disclosure version 66 accepted 2014-02-24T04:03:19.599-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Robert L. Hollis organization ThreatGuard, Inc. name Robert L. Hollis organization ThreatGuard, Inc. name Robert L. Hollis organization ThreatGuard, Inc. name Robert L. Hollis organization ThreatGuard, Inc. name Robert L. Hollis organization ThreatGuard, Inc. name Robert L. Hollis organization ThreatGuard, Inc. name Robert L. Hollis organization ThreatGuard, Inc. name Robert L. Hollis organization ThreatGuard, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure." family windows id oval:org.mitre.oval:def:471 status accepted submitted 2003-08-29T12:00:00.000-04:00 title IE v5.01 Encoded Characters Information Disclosure Vulnerability version 67 accepted 2014-02-24T04:03:20.548-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure." family windows id oval:org.mitre.oval:def:495 status accepted submitted 2004-01-27T12:00:00.000-04:00 title IE v5.5 Encoded Characters Information Disclosure Vulnerability version 66
References
- http://www.iss.net/security_center/static/10039.php
- http://archives.neohapsis.com/archives/bugtraq/2002-09/0018.html
- http://archives.neohapsis.com/archives/bugtraq/2002-09/0030.html
- http://www.securityfocus.com/bid/5610
- http://www.osvdb.org/7845
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A495
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A471
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A143
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066