| Vulnerability Name: | CVE-2004-2219 (CCN-17007) | ||||||||
| Assigned: | 2004-08-16 | ||||||||
| Published: | 2004-08-16 | ||||||||
| Updated: | 2021-07-23 | ||||||||
| Summary: | Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake. | ||||||||
| CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: BUGTRAQ Type: Exploit 20040815 NullyFake - Site Spoofing in MSIE Source: CCN Type: BugTraq Mailing List, Sun Aug 15 2004 - 03:49:43 CDT NullyFake - Site Spoofing in MSIE Source: MITRE Type: CNA CVE-2004-2219 Source: CCN Type: SA12304 Internet Explorer Address Bar Spoofing Vulnerability Source: SECUNIA Type: Exploit, Vendor Advisory 12304 Source: CCN Type: SECTRACK ID: 1010957 Microsoft Internet Explorer Unregistered Protocol State Error Lets Remote Users Spoof Location Bar Source: SECTRACK Type: Exploit 1010957 Source: MISC Type: UNKNOWN http://umbrella.name/originalvuln/msie/NullyFake/nullyfake-content.txt Source: OSVDB Type: UNKNOWN 8978 Source: CCN Type: OSVDB ID: 8978 Microsoft IE Address Bar Spoofing (NullyFake) Source: CCN Type: BID-10943 Microsoft Internet Explorer Spoofed Address Bar Vulnerability Source: XF Type: UNKNOWN ie-address-bar-spoofing(17007) Source: XF Type: UNKNOWN ie-address-bar-spoofing(17007) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||