CVE-2001-0665

Published Oct 30, 2001

Last updated 6 years ago

Overview

Description: Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the "HTTP Request Encoding vulnerability."
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:ie:*:windows_server_2003_sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66815960-CEFF-477A-A147-963A112206CF",
            "versionEndIncluding": "6"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References