| Vulnerability Name: | CVE-2005-2830 (CCN-23451) | ||||||||||||||||||||||||||||
| Assigned: | 2005-12-13 | ||||||||||||||||||||||||||||
| Published: | 2005-12-13 | ||||||||||||||||||||||||||||
| Updated: | 2021-07-23 | ||||||||||||||||||||||||||||
| Summary: | Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability." | ||||||||||||||||||||||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||||||||||||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2005-2830 Source: CCN Type: SA15368 Microsoft Internet Explorer Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 15368 Source: CCN Type: SA18064 Avaya Products Microsoft Windows Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 18064 Source: CCN Type: SA18311 Nortel Centrex IP Client Manager Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 18311 Source: CCN Type: SECTRACK ID: 1015350 Microsoft Internet Explorer Bug in Using HTTPS Proxies May Disclose Web URLs to Remote Users Source: SECTRACK Type: UNKNOWN 1015350 Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf Source: CCN Type: Microsoft Security Bulletin MS05-054 Cumulative Security Update for Internet Explorer (905915) Source: CCN Type: Microsoft Security Bulletin MS06-004 Cumulative Security Update for Internet Explorer (910620) Source: CCN Type: Microsoft Security Bulletin MS06-013 Cumulative Security Update for Internet Explorer (912812) Source: CCN Type: Microsoft Security Bulletin MS06-021 Cumulative Security Update for Internet Explorer (916281) Source: CCN Type: Microsoft Security Bulletin MS06-042 Cumulative Security Update for Internet Explorer (918899) Source: CCN Type: Microsoft Security Bulletin MS06-067 Cumulative Security Update for Internet Explorer (922760) Source: CCN Type: Microsoft Security Bulletin MS06-072 Cumulative Security Update for Internet Explorer (925454) Source: CCN Type: Microsoft Security Bulletin MS07-016 Cumulative Security Update for Internet Explorer (928090) Source: CCN Type: Microsoft Security Bulletin MS07-027 Cumulative Security Update for Internet Explorer (931768) Source: CCN Type: Microsoft Security Bulletin MS07-033 Cumulative Security Update for Internet Explorer (933566) Source: CCN Type: Microsoft Security Bulletin MS07-045 Cumulative Security Update for Internet Explorer (937143) Source: CCN Type: Microsoft Security Bulletin MS07-057 Cumulative Security Update for Internet Explorer (939653) Source: CCN Type: Microsoft Security Bulletin MS07-069 Cumulative Security Update for Internet Explorer (942615) Source: CCN Type: Microsoft Security Bulletin MS08-010 Cumulative Security Update for Internet Explorer (944533) Source: CCN Type: Microsoft Security Bulletin MS08-024 Cumulative Security Update for Internet Explorer (947864) Source: CCN Type: Microsoft Security Bulletin MS08-031 Cumulative Security Update for Internet Explorer (950759) Source: CCN Type: Microsoft Security Bulletin MS08-045 Cumulative Security Update for Internet Explorer (953838) Source: CCN Type: Microsoft Security Bulletin MS08-058 Cumulative Security Update for Internet Explorer (956390) Source: BID Type: Patch 15825 Source: CCN Type: BID-15825 Microsoft Internet Explorer HTTPS Proxy Information Disclosure Vulnerability Source: VUPEN Type: UNKNOWN ADV-2005-2867 Source: VUPEN Type: UNKNOWN ADV-2005-2909 Source: MISC Type: UNKNOWN http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420 Source: MS Type: UNKNOWN MS05-054 Source: XF Type: UNKNOWN ie-https-proxy-information-disclosure(23451) Source: XF Type: UNKNOWN ie-https-proxy-information-disclosure(23451) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1097 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1101 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1143 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1317 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1435 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1521 | ||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||