Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the "Improper URL Canonicalization Vulnerability."
References
Configurations
History
20 Nov 2024, 23:46
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.kb.cert.org/vuls/id/652278 - Third Party Advisory, US Government Resource | |
References | () http://www.securityfocus.com/archive/1/346948 - Vendor Advisory | |
References | () http://www.us-cert.gov/cas/techalerts/TA04-033A.html - US Government Resource | |
References | () http://www.zapthedingbat.com/security/ex01/vun1.htm - Exploit, Vendor Advisory | |
References | () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/13935 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A490 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A491 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A510 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A511 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A512 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A513 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A526 - |
Information
Published : 2004-01-20 05:00
Updated : 2024-11-20 23:46
NVD link : CVE-2003-1025
Mitre link : CVE-2003-1025
CVE.ORG link : CVE-2003-1025
JSON object : View
Products Affected
microsoft
- internet_explorer
CWE
CWE-20
Improper Input Validation