CVE-2013-1450 - Configuration vulnerability in Microsoft Internet Explorer 8/9
Attack vector | NETWORK |
Attack complexity | HIGH |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not properly reuse TCP sessions to the proxy server, which allows remote attackers to obtain sensitive information intended for a specific host via a crafted HTML document that triggers many HTTPS requests and then triggers an HTTP request to that host, as demonstrated by reading a Cookie header, aka MSRC 12096gd.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Common Weakness Enumeration (CWE)
Seebug
bulletinFamily | exploit |
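description | Bugtraq ID:57640 CVE ID: CVE-2013-1450 Microsoft Internet Explorer is a popular web browser. In the Microsoft Internet Explorer proxy settings, if the HTTP and Secure rows have the same proxy address and port, IE does not correctly reuse TCP sessions. By constructing a crafted HTML document that triggers multiple HTTPS requests and then triggers an HTTP request to that host, sensitive information for the specific host can be obtained. Microsoft Internet Explorer 9 Microsoft Internet Explorer 8 Vendor solution: no detailed solution is currently available: http://www.microsoft.com/windows/products/winfamily/ie/default.mspx |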
id | SSV:60617 |
last seen | 2017-11-19 |
modified | 2013-02-03 |
published | 2013-02-03 |
reporter | Root |
source | https://www.seebug.org/vuldb/ssvid-60617 |
title | Microsoft Internet Explorer Information Disclosure Vulnerability (CVE-2013-1450) |