CVE-2000-0982

Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring connections to the web server, aka the "Cached Web Credentials" vulnerability.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.acrossecurity.com/aspr/ASPR-2000-07-22-2-PUB.txt
http://www.securityfocus.com/bid/1793	Exploit Patch Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-076
https://exchange.xforce.ibmcloud.com/vulnerabilities/5367

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:internet_explorer:4.0:::::::*
	cpe:2.3:a:microsoft:internet_explorer:4.0.1:::::::*
	cpe:2.3:a:microsoft:internet_explorer:4.1:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.0:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.01:::::::*

History

No history.

Information

Published : 2000-12-19 05:00

Updated : 2024-02-28 10:24

NVD link : CVE-2000-0982

Mitre link : CVE-2000-0982

CVE.ORG link : CVE-2000-0982

JSON object : View

Products Affected

microsoft

internet_explorer

CWE

NVD-CWE-Other

{"id": "CVE-2000-0982", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2000-12-19T05:00:00.000", "references": [{"url": "http://www.acrossecurity.com/aspr/ASPR-2000-07-22-2-PUB.txt", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/1793", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-076", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5367", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring connections to the web server, aka the \"Cached Web Credentials\" vulnerability."}], "lastModified": "2021-07-23T12:18:31.047", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5B815D9-BC21-4A17-AF00-B8AD181027D7"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42502347-DD40-4F8C-9861-C0A88A3F8608"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44FF4E47-AD75-42C7-BB84-42BBA46A58B2"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6B8985B-B927-4928-B1DB-18E29F796992"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}