Vulnerabilities > CVE-2005-2830 - Unspecified vulnerability in Microsoft IE and Internet Explorer
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS05-054.NASL |
description | The remote host is missing IE Cumulative Security Update 905915. The remote version of IE is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20299 |
published | 2005-12-13 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20299 |
title | MS05-054: Cumulative Security Update for Internet Explorer (905915) |
code |
|
Oval
accepted 2014-02-24T04:00:08.025-05:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Robert L. Hollis organization ThreatGuard, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc. name Maria Mikhno organization ALTX-SOFT
description Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability." family windows id oval:org.mitre.oval:def:1097 status accepted submitted 2005-12-13T12:00:00.000-04:00 title Win2K/XP,SP1 HTTPS Proxy Vulnerability version 71 accepted 2014-02-24T04:00:08.222-05:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Jonathan Baker organization The MITRE Corporation name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc. name Maria Mikhno organization ALTX-SOFT
description Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability." family windows id oval:org.mitre.oval:def:1101 status accepted submitted 2005-12-13T12:00:00.000-04:00 title WinXP,SP1 (64-bit) HTTPS Proxy Vulnerability version 71 accepted 2014-02-24T04:00:09.290-05:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Jonathan Baker organization The MITRE Corporation name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc. name Maria Mikhno organization ALTX-SOFT
description Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability." family windows id oval:org.mitre.oval:def:1143 status accepted submitted 2005-12-13T12:00:00.000-04:00 title Server 2003,SP1 HTTPS Proxy Vulnerability version 71 accepted 2014-02-24T04:00:13.966-05:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Jonathan Baker organization The MITRE Corporation name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc. name Maria Mikhno organization ALTX-SOFT
description Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability." family windows id oval:org.mitre.oval:def:1317 status accepted submitted 2005-12-13T12:00:00.000-04:00 title Server 2003 HTTPS Proxy Vulnerability version 70 accepted 2014-02-24T04:00:16.984-05:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Jonathan Baker organization The MITRE Corporation name Dragos Prisaca organization Gideon Technologies, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc. name Maria Mikhno organization ALTX-SOFT
description Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability." family windows id oval:org.mitre.oval:def:1435 status accepted submitted 2005-12-13T12:00:00.000-04:00 title WinXP,SP2 HTTPS Proxy Vulnerability version 72 accepted 2014-02-24T04:00:19.447-05:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Robert L. Hollis organization ThreatGuard, Inc. name Anna Min organization BigFix, Inc name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc. name Maria Mikhno organization ALTX-SOFT
description Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability." family windows id oval:org.mitre.oval:def:1521 status accepted submitted 2005-12-13T12:00:00.000-04:00 title Win2K,SP4 HTTPS Proxy Vulnerability version 71
References
- http://www.securityfocus.com/bid/15825
- http://securitytracker.com/id?1015350
- http://secunia.com/advisories/15368
- http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf
- http://secunia.com/advisories/18064
- http://secunia.com/advisories/18311
- http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420
- http://www.vupen.com/english/advisories/2005/2909
- http://www.vupen.com/english/advisories/2005/2867
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23451
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1521
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1435
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1317
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1143
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1101
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1097
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054