Vulnerability Name:

CVE-2003-1026 (CCN-13846)

Assigned:2003-11-25
Published:2003-11-25
Updated:2021-07-23
Summary:Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.1 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-264
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Tue Nov 25 2003 - 03:56:38 CST
BackToFramedJpu - a successor of BackToJpu attack

Source: CCN
Type: Full-Disclosure Mailing List, Tue Nov 25 2003 - 04:36:39 CST
IE Key

Source: MITRE
Type: CNA
CVE-2003-1026

Source: BUGTRAQ
Type: UNKNOWN
20031125 BackToFramedJpu - a successor of BackToJpu attack

Source: BUGTRAQ
Type: UNKNOWN
20031201 Comments on 5 IE vulnerabilities

Source: CCN
Type: 80vul Web site
Multiple Exploiting IE8/IE7 XSS Vulnerability

Source: CCN
Type: CIAC Information Bulletin O-068
Microsoft Internet Explorer Cumulative Patch [Microsoft Security Bulletin MS04-004]

Source: CCN
Type: US-CERT VU#784102
Microsoft Internet Explorer does not properly validate source of URL stored in Travel Log

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#784102

Source: CCN
Type: Microsoft Security Bulletin MS04-004
Cumulative Security Update for Internet Explorer (832894)

Source: CCN
Type: Microsoft Security Bulletin MS04-025
Cumulative Security Update for Internet Explorer (867801)

Source: CCN
Type: Microsoft Security Bulletin MS04-038
Cumulative Security Update for Internet Explorer (834707)

Source: CCN
Type: Microsoft Security Bulletin MS04-040
Cumulative Security Update for Internet Explorer (889293)

Source: CCN
Type: Microsoft Security Bulletin MS05-014
Cumulative Security Update for Internet Explorer (867282)

Source: CCN
Type: Microsoft Security Bulletin MS05-020
Cumulative Security Update for Internet Explorer (890923)

Source: CCN
Type: Microsoft Security Bulletin MS05-025
Cumulative Security Update for Internet Explorer (883939)

Source: CCN
Type: Microsoft Security Bulletin MS05-038
Cumulative Security Update for Internet Explorer (896727)

Source: CCN
Type: Microsoft Security Bulletin MS05-052
Cumulative Security Update for Internet Explorer (896688)

Source: CCN
Type: Microsoft Security Bulletin MS05-054
Cumulative Security Update for Internet Explorer (905915)

Source: CCN
Type: Microsoft Security Bulletin MS06-004
Cumulative Security Update for Internet Explorer (910620)

Source: CCN
Type: Microsoft Security Bulletin MS06-013
Cumulative Security Update for Internet Explorer (912812)

Source: CCN
Type: Microsoft Security Bulletin MS06-021
Cumulative Security Update for Internet Explorer (916281)

Source: CCN
Type: Microsoft Security Bulletin MS06-042
Cumulative Security Update for Internet Explorer (918899)

Source: CCN
Type: Microsoft Security Bulletin MS06-067
Cumulative Security Update for Internet Explorer (922760)

Source: CCN
Type: Microsoft Security Bulletin MS06-072
Cumulative Security Update for Internet Explorer (925454)

Source: CCN
Type: Microsoft Security Bulletin MS07-016
Cumulative Security Update for Internet Explorer (928090)

Source: CCN
Type: Microsoft Security Bulletin MS07-027
Cumulative Security Update for Internet Explorer (931768)

Source: CCN
Type: Microsoft Security Bulletin MS07-033
Cumulative Security Update for Internet Explorer (933566)

Source: CCN
Type: Microsoft Security Bulletin MS07-045
Cumulative Security Update for Internet Explorer (937143)

Source: CCN
Type: Microsoft Security Bulletin MS07-057
Cumulative Security Update for Internet Explorer (939653)

Source: CCN
Type: Microsoft Security Bulletin MS07-069
Cumulative Security Update for Internet Explorer (942615)

Source: CCN
Type: Microsoft Security Bulletin MS08-010
Cumulative Security Update for Internet Explorer (944533)

Source: CCN
Type: Microsoft Security Bulletin MS08-024
Cumulative Security Update for Internet Explorer (947864)

Source: CCN
Type: Microsoft Security Bulletin MS08-031
Cumulative Security Update for Internet Explorer (950759)

Source: CCN
Type: Microsoft Security Bulletin MS08-045
Cumulative Security Update for Internet Explorer (953838)

Source: CCN
Type: Microsoft Security Bulletin MS08-058
Cumulative Security Update for Internet Explorer (956390)

Source: MISC
Type: UNKNOWN
http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu

Source: CCN
Type: BID-35455
Microsoft Internet Explorer HTML Attribute JavaScript URI Security Bypass Vulnerability

Source: CCN
Type: BID-9109
Microsoft Internet Explorer BackToFramedJPU Cross-Domain Policy Vulnerability

Source: CERT
Type: US Government Resource
TA04-033A

Source: MS
Type: UNKNOWN
MS04-004

Source: XF
Type: UNKNOWN
ie-subframe-xss(13846)

Source: XF
Type: UNKNOWN
ie-subframe-xss(13846)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:630

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:643

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:687

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:689

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:745

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:774

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:805

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.01:sp3:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.01:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:*:*:*:*:x64:*
  • AND
  • cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:*:*:*:*:x64:*
  • OR cpe:/o:microsoft:windows:2003_server:*:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:630
    V
    		IE v5.01,SP2 Travel Log Cross Domain Vulnerability
    2014-02-24
    oval:org.mitre.oval:def:745
    V
    		IE v6.0 (XP) Travel Log Cross Domain Vulnerability
    2014-02-24
    oval:org.mitre.oval:def:643
    V
    		IE v5.01,SP3 Travel Log Cross Domain Vulnerability
    2014-02-24
    oval:org.mitre.oval:def:774
    V
    		IE v6.0,SP1 Travel Log Cross Domain Vulnerability
    2014-02-24
    oval:org.mitre.oval:def:687
    V
    		IE v5.01,SP4 Travel Log Cross Domain Vulnerability
    2014-02-24
    oval:org.mitre.oval:def:805
    V
    		IE v6.0,SP1 (Server 2003) Travel Log Cross Domain Vulnerability
    2014-02-24
    oval:org.mitre.oval:def:689
    V
    		IE v5.5,SP2 Travel Log Cross Domain Vulnerability
    2014-02-24
    BACK
    microsoft internet explorer 5.5
    microsoft internet explorer 5.5 sp1
    microsoft internet explorer 5.0.1 sp2
    microsoft internet explorer 5.0.1 sp3
    microsoft internet explorer 5.0
    microsoft internet explorer 5.5 sp2
    microsoft internet explorer 6.0
    microsoft internet explorer 5.0.1
    microsoft internet explorer 5.0.1 sp1
    microsoft ie 6.0 sp1
    microsoft ie 6.0
    microsoft ie 5.5 sp2
    microsoft ie 6.0 sp1
    microsoft ie 5.01 sp3
    microsoft ie 5.01 sp4
    microsoft ie 5.01 sp2
    microsoft ie 7.0
    microsoft ie 8.0
    microsoft windows xp * sp1
    microsoft windows 2000 * sp2
    microsoft windows 2000 * sp3
    microsoft windows xp * sp1
    microsoft windows 2000 * sp4
    microsoft windows xp *
    microsoft windows 2003_server
    microsoft windows 2003_server