Vulnerability Name: | CVE-2013-1451 (CCN-81706)
Assigned: | 2013-01-28
Published: | 2013-01-28
Updated: | 2013-01-30
Summary: | Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted HTML document that triggers many HTTPS requests to an arbitrary host, followed by an HTTPS request to a trusted host and then an HTTP request to an untrusted host, a related issue to CVE-2013-1450.
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:P)
 | 3.5 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:P/E:POC/RL:U/RC:UR)
 | 3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:U/RC:UR)
Vulnerability Type: | CWE-16
Vulnerability Consequences: | Gain Access
References: | Source: MITRE | Type: CNA | CVE-2013-1451
 | Source: CCN | Type: Christian Haider | Microsoft Internet Explorer CVE-2013-1450 Information Disclosure Vulnerability
 | Source: MISC | Type: Exploit | http://pastebin.com/raw.php?i=rz9BcBey
 | Source: CCN | Type: Microsoft Web site | Internet Explorer
 | Source: CCN | Type: BID-57641 | Microsoft Internet Explorer Address Bar CVE-2013-1451 URI Spoofing Vulnerability
 | Source: MISC | Type: Exploit | http://www.youtube.com/ChristianHaiderPoC
 | Source: MISC | Type: Exploit | http://www.youtube.com/watch?v=TPqagWAvo8U
 | Source: XF | Type: UNKNOWN | msie-ssl-lock-spoofing(81706)
 | Source: EXPLOIT-DB | Type: EXPLOIT | Offensive Security Exploit Database [01-28-2013]
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: