Summary
This host has Internet Explorer installed and is prone to Web Script Execution vulnerabilities.
Impact
Successful exploitation will allow an attacker to execute arbitrary web script and spoof an arbitrary https site by letting a browser obtain a valid certificate.
Impact Level: Application
Solution
Upgrade to the latest version:
http://www.microsoft.com/windows/internet-explorer/download-ie.aspx
Insight
- An error exists in using the HTTP Host header to determine the context of a document provided in a '4xx' or '5xx' CONNECT response from a proxy server, which can be exploited by modifying the CONNECT response, aka an 'SSL tampering' attack.
- The browser displays a cached certificate for a '4xx' or '5xx' CONNECT response page returned by a proxy server, which can be exploited by sending the browser a crafted 502 response page upon a subsequent request.
Affected
Microsoft Internet Explorer versions prior to 8.0 on Windows.
Severity
CVSS Base Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P