Vulnerabilities > CVE-2004-0845 - Unspecified vulnerability in Microsoft IE and Internet Explorer
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Oval
accepted 2014-02-24T04:02:53.847-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name John Hoyland organization Centennial Software name John Hoyland organization Centennial Software name Jeff Cheng organization Opsware, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site. family windows id oval:org.mitre.oval:def:2219 status accepted submitted 2004-10-26T04:00:00.000-04:00 title IE v6.0 SSL Cached Content Vulnerability version 70 accepted 2014-02-24T04:03:17.096-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Harvey Rubinovitz organization The MITRE Corporation name John Hoyland organization Centennial Software name Robert L. Hollis organization ThreatGuard, Inc. name Jeff Cheng organization Opsware, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site. family windows id oval:org.mitre.oval:def:3872 status accepted submitted 2004-10-26T12:00:00.000-04:00 title IE v6.0,SP1 (Server 2003) SSL Cached Content Vulnerability version 70 accepted 2014-02-24T04:03:21.476-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name John Hoyland organization Centennial Software name Robert L. Hollis organization ThreatGuard, Inc. name Jeff Cheng organization Opsware, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site. family windows id oval:org.mitre.oval:def:5150 status accepted submitted 2005-01-18T12:00:00.000-04:00 title IE v5.01, SP4 SSL Cached Content Vulnerability version 69 accepted 2014-02-24T04:03:23.268-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name John Hoyland organization Centennial Software name Jeff Cheng organization Opsware, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site. family windows id oval:org.mitre.oval:def:5520 status accepted submitted 2005-01-18T12:00:00.000-04:00 title IE v5.5, SP2 SSL Cached Content Vulnerability version 69 accepted 2014-02-24T04:03:23.836-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name John Hoyland organization Centennial Software name Robert L. Hollis organization ThreatGuard, Inc. name Jeff Cheng organization Opsware, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site. family windows id oval:org.mitre.oval:def:5740 status accepted submitted 2004-10-26T02:20:00.000-04:00 title IE v6.0,SP1 SSL Cached Content Vulnerability version 70 accepted 2014-02-24T04:03:26.721-05:00 class vulnerability contributors name Harvey Rubinovitz organization The MITRE Corporation name John Hoyland organization Centennial Software name Robert L. Hollis organization ThreatGuard, Inc. name Jeff Cheng organization Opsware, Inc. name Maria Mikhno organization ALTX-SOFT
description Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site. family windows id oval:org.mitre.oval:def:7611 status accepted submitted 2004-10-26T02:09:00.000-04:00 title IE v5.01,SP3 SSL Cached Content Vulnerability version 69
References
- http://www.us-cert.gov/cas/techalerts/TA04-293A.html
- http://www.kb.cert.org/vuls/id/795720
- http://www.acrossecurity.com/aspr/ASPR-2004-10-13-1-PUB.txt
- http://marc.info/?l=bugtraq&m=109770364504803&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17654
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17651
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7611
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5740
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5520
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5150
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3872
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2219
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038