Vulnerability Name: | CVE-2006-5913 (CCN-40319) | ||||||||
Assigned: | 2006-11-03 | ||||||||
Published: | 2006-11-03 | ||||||||
Updated: | 2018-10-17 | ||||||||
Summary: | Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a "The webpage no longer exists" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805. | ||||||||
CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||
CVSS v2 Severity: | 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P) 5.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P/E:U/RL:U/RC:UR)
2.1 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:U/RC:UR)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: CCN Type: BugTraq Mailing List, Fri Nov 03 2006 - 12:00:48 CST IE7 website security certificate discrediting exploit Source: MITRE Type: CNA CVE-2006-5913 Source: CCN Type: Inge Henriksen's Technology Blog IE7 website security certificate discrediting spoof - Friday, November 03, 2006 Source: MISC Type: Exploit http://www.blogger.com/comment.g?blogID=15069726&postID=116257593427394541 Source: CCN Type: Microsoft Web site Microsoft Internet Explorer Source: BUGTRAQ Type: UNKNOWN 20061107 Re: IE7 website security certificate discrediting exploit Source: CCN Type: BID-28581 Microsoft Internet Explorer 'ieframe.dll' Script Injection Vulnerability Source: XF Type: UNKNOWN ie-certificate-spoofing(40319) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable | ||||||||
BACK |