Vulnerability Details CVE-2003-1559
Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.399
EPSS Ranking 97.1%
CVSS Severity
CVSS v2 Score 5.0
References
- http://securityreason.com/securityalert/3989
- http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html
- http://www.securityfocus.com/archive/1/348360
- http://www.securityfocus.com/archive/1/348574
- http://www.securityfocus.com/bid/9295
- http://securityreason.com/securityalert/3989
- http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html
- http://www.securityfocus.com/archive/1/348360
- http://www.securityfocus.com/archive/1/348574
- http://www.securityfocus.com/bid/9295
Products affected by CVE-2003-1559
-
cpe:2.3:a:microsoft:ie:5.22
-
cpe:2.3:a:microsoft:internet_explorer:5.5
-
cpe:2.3:a:microsoft:internet_explorer:6