Vulnerability Name:

CVE-2008-1544 (CCN-41411)

Assigned:2008-03-21
Published:2008-03-21
Updated:2019-02-26
Summary:The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length header, (2) access arbitrary virtual hosts via a modified Host header, (3) bypass referrer restrictions via an incorrect Referer header, and (4) bypass the same-origin policy and obtain sensitive information via a crafted request header.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:7.1 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N)
5.6 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): None
Availibility (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
2.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-20
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2008-1544

Source: CCN
Type: HP Security Bulletin HPSBST02344 SSRT080087 rev.1
Storage Management Appliance (SMA), Microsoft Patch Applicability MS08-030 to MS08-036

Source: HP
Type: UNKNOWN
HPSBST02344

Source: CCN
Type: SA29453
Internet Explorer HTTP Request Smuggling/Splitting Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
29453

Source: SREASON
Type: UNKNOWN
3785

Source: CCN
Type: SECTRACK ID: 1020226
Microsoft Internet Explorer HTTP Request Header Bug May Let Remote Users Obtain Information in a Different Domain

Source: CCN
Type: ASA-2008-233
MS08-031 Cumulative Security Update for Internet Explorer (950759)

Source: CCN
Type: NORTEL BULLETIN ID: 2008008891, Rev 1
Centrex IP Client Manager (CICM) response to Microsoft June security bulletin

Source: CCN
Type: NORTEL BULLETIN ID: 2008008896, Rev 1
Nortel Response to Microsoft Security Bulletin MS08-031

Source: CCN
Type: Microsoft Security Bulletin MS08-031
Cumulative Security Update for Internet Explorer (950759)

Source: CCN
Type: Microsoft Security Bulletin MS08-045
Cumulative Security Update for Internet Explorer (953838)

Source: CCN
Type: Microsoft Security Bulletin MS08-058
Cumulative Security Update for Internet Explorer (956390)

Source: CCN
Type: Minded Security Labs: Advisory #MSA02240108
Microsoft Internet Explorer allows overwriting of several headers leading to Http request Splitting and smuggling.

Source: MISC
Type: UNKNOWN
http://www.mindedsecurity.com/MSA02240108.html

Source: BUGTRAQ
Type: UNKNOWN
20080321 [MSA02240108] IE7 allows overwriting of several headers leading to Http request Splitting and smuggling.

Source: BID
Type: Patch
28379

Source: CCN
Type: BID-28379
Microsoft Internet Explorer 'setRequestHeader()' Multiple Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1020226

Source: CERT
Type: US Government Resource
TA08-162B

Source: VUPEN
Type: Vendor Advisory
ADV-2008-0980

Source: VUPEN
Type: Vendor Advisory
ADV-2008-1778

Source: MS
Type: UNKNOWN
MS08-031

Source: XF
Type: UNKNOWN
ie-setrequestheader-security-bypass(41411)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:5291

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:*
  • OR cpe:/o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:pro_x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:5291
    V
    		Request Header Cross-Domain Information Disclosure Vulnerability
    2014-08-18
    BACK
    microsoft internet explorer 5.01 sp4
    microsoft internet explorer 6 sp1
    microsoft windows 2000 * sp4
    microsoft internet explorer 6
    microsoft windows server 2003 *
    microsoft windows server 2003 * sp1
    microsoft windows server 2003 * sp1
    microsoft windows server 2003 * sp2
    microsoft windows xp *
    microsoft windows xp * sp2
    microsoft windows xp * sp2
    microsoft windows xp * sp3
    microsoft internet explorer 7
    microsoft windows server 2003 *
    microsoft windows server 2003 * sp1
    microsoft windows server 2003 * sp1
    microsoft windows server 2003 * sp2
    microsoft windows server 2008 *
    microsoft windows server 2008 *
    microsoft windows server 2008 *
    microsoft windows vista *
    microsoft windows vista *
    microsoft windows vista * sp1
    microsoft windows vista * sp1
    microsoft windows xp *
    microsoft windows xp * sp2
    microsoft windows xp * sp2
    microsoft windows xp * sp3
    microsoft ie 6.0
    microsoft ie 6.0 sp1
    microsoft ie 7.0
    microsoft ie 5.0.1 sp4