CVE-2017-11872 - Unspecified vulnerability in Microsoft Edge
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: NONE
- Availability impact: NONE

Summary
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to force the browser to send data that would otherwise be restricted to a destination website of the attacker's choice, due to how Microsoft Edge handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11863 and CVE-2017-11874.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
OS | | 3 |
Nessus
- NASL family: Windows : Microsoft Bulletins
- NASL id: SMB_NT_MS17_NOV_4048954.NASL
- description: The remote Windows host is missing security update 4048954. It is, therefore, affected by multiple vulnerabilities:
  - A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests. The vulnerability allows Microsoft Edge to bypass Cross-Origin Resource Sharing (CORS) redirect restrictions, and to follow redirect requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted to a destination website of the attacker
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 104550
- published: 2017-11-14
- reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/104550
- title: KB4048954: Windows 10 Version 1703 November 2017 Cumulative Update

- NASL family: Windows : Microsoft Bulletins
- NASL id: SMB_NT_MS17_NOV_4048953.NASL
- description: The remote Windows host is missing security update 4048953. It is, therefore, affected by multiple vulnerabilities:
  - A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests. The vulnerability allows Microsoft Edge to bypass Cross-Origin Resource Sharing (CORS) redirect restrictions, and to follow redirect requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability could force the browser to send data that would otherwise be restricted to a destination website of the attacker
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 104549
- published: 2017-11-14
- reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/104549
- title: KB4048953: Windows 10 Version 1607 and Windows Server 2016 November 2017 Cumulative Update
References
- http://www.securityfocus.com/bid/101749
- http://www.securitytracker.com/id/1039801
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11872