CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-4356

Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML files that are retrieved during an FTP session, which allows context-dependent attackers to obtain sensitive information by reading the HTML source, as demonstrated by a (1) .htm, (2) .html, or (3) .mht file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.283

EPSS Ranking 96.3%

CVSS Severity

CVSS v2 Score 9.3

References

http://blog.washingtonpost.com/securityfix/2007/08/ftp_files_expose_web_site_cred.html
http://osvdb.org/36400
http://secunia.com/advisories/26427
http://blog.washingtonpost.com/securityfix/2007/08/ftp_files_expose_web_site_cred.html
http://osvdb.org/36400
http://secunia.com/advisories/26427

Products affected by CVE-2007-4356

Microsoft » Internet Explorer » Version: 6

cpe:2.3:a:microsoft:internet_explorer:6
Microsoft » Internet Explorer » Version: 7

cpe:2.3:a:microsoft:internet_explorer:7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-4356

Products

Pricing

Contact Us