Vulnerability Name: CVE-2003-1026 (CCN-13846)
Assigned: 2003-11-25
Published: 2003-11-25
Updated: 2021-07-23
Summary: Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
CVSS v3 Severity:
  3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity:
  9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
  8.1 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C)
  2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Vulnerability Type: CWE-264
Vulnerability Consequences: Gain Access
References:
  Source: CCN Type: BugTraq Mailing List, Tue Nov 25 2003 - 03:56:38 CST BackToFramedJpu - a successor of BackToJpu attack
  Source: CCN Type: Full-Disclosure Mailing List, Tue Nov 25 2003 - 04:36:39 CST IE Key
  Source: MITRE Type: CNA CVE-2003-1026
  Source: BUGTRAQ Type: UNKNOWN 20031125 BackToFramedJpu - a successor of BackToJpu attack
  Source: BUGTRAQ Type: UNKNOWN 20031201 Comments on 5 IE vulnerabilities
  Source: CCN Type: 80vul Web site Multiple Exploiting IE8/IE7 XSS Vulnerability
  Source: CCN Type: CIAC Information Bulletin O-068 Microsoft Internet Explorer Cumulative Patch [Microsoft Security Bulletin MS04-004]
  Source: CCN Type: US-CERT VU#784102 Microsoft Internet Explorer does not properly validate source of URL stored in Travel Log
  Source: CERT-VN Type: Third Party Advisory, US Government Resource VU#784102
  Source: CCN Type: Microsoft Security Bulletin MS04-004 Cumulative Security Update for Internet Explorer (832894)
  Source: CCN Type: Microsoft Security Bulletin MS04-025 Cumulative Security Update for Internet Explorer (867801)
  Source: CCN Type: Microsoft Security Bulletin MS04-038 Cumulative Security Update for Internet Explorer (834707)
  Source: CCN Type: Microsoft Security Bulletin MS04-040 Cumulative Security Update for Internet Explorer (889293)
  Source: CCN Type: Microsoft Security Bulletin MS05-014 Cumulative Security Update for Internet Explorer (867282)
  Source: CCN Type: Microsoft Security Bulletin MS05-020 Cumulative Security Update for Internet Explorer (890923)
  Source: CCN Type: Microsoft Security Bulletin MS05-025 Cumulative Security Update for Internet Explorer (883939)
  Source: CCN Type: Microsoft Security Bulletin MS05-038 Cumulative Security Update for Internet Explorer (896727)
  Source: CCN Type: Microsoft Security Bulletin MS05-052 Cumulative Security Update for Internet Explorer (896688)
  Source: CCN Type: Microsoft Security Bulletin MS05-054 Cumulative Security Update for Internet Explorer (905915)
  Source: CCN Type: Microsoft Security Bulletin MS06-004 Cumulative Security Update for Internet Explorer (910620)
  Source: CCN Type: Microsoft Security Bulletin MS06-013 Cumulative Security Update for Internet Explorer (912812)
  Source: CCN Type: Microsoft Security Bulletin MS06-021 Cumulative Security Update for Internet Explorer (916281)
  Source: CCN Type: Microsoft Security Bulletin MS06-042 Cumulative Security Update for Internet Explorer (918899)
  Source: CCN Type: Microsoft Security Bulletin MS06-067 Cumulative Security Update for Internet Explorer (922760)
  Source: CCN Type: Microsoft Security Bulletin MS06-072 Cumulative Security Update for Internet Explorer (925454)
  Source: CCN Type: Microsoft Security Bulletin MS07-016 Cumulative Security Update for Internet Explorer (928090)
  Source: CCN Type: Microsoft Security Bulletin MS07-027 Cumulative Security Update for Internet Explorer (931768)
  Source: CCN Type: Microsoft Security Bulletin MS07-033 Cumulative Security Update for Internet Explorer (933566)
  Source: CCN Type: Microsoft Security Bulletin MS07-045 Cumulative Security Update for Internet Explorer (937143)
  Source: CCN Type: Microsoft Security Bulletin MS07-057 Cumulative Security Update for Internet Explorer (939653)
  Source: CCN Type: Microsoft Security Bulletin MS07-069 Cumulative Security Update for Internet Explorer (942615)
  Source: CCN Type: Microsoft Security Bulletin MS08-010 Cumulative Security Update for Internet Explorer (944533)
  Source: CCN Type: Microsoft Security Bulletin MS08-024 Cumulative Security Update for Internet Explorer (947864)
  Source: CCN Type: Microsoft Security Bulletin MS08-031 Cumulative Security Update for Internet Explorer (950759)
  Source: CCN Type: Microsoft Security Bulletin MS08-045 Cumulative Security Update for Internet Explorer (953838)
  Source: CCN Type: Microsoft Security Bulletin MS08-058 Cumulative Security Update for Internet Explorer (956390)
  Source: MISC Type: UNKNOWN http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu
  Source: CCN Type: BID-35455 Microsoft Internet Explorer HTML Attribute JavaScript URI Security Bypass Vulnerability
  Source: CCN Type: BID-9109 Microsoft Internet Explorer BackToFramedJPU Cross-Domain Policy Vulnerability
  Source: CERT Type: US Government Resource TA04-033A
  Source: MS Type: UNKNOWN MS04-004
  Source: XF Type: UNKNOWN ie-subframe-xss(13846)
  Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:630
  Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:643
  Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:687
  Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:689
  Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:745
  Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:774
  Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:805
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable