PT-2003-2504 · Microsoft · Internet Explorer

Deane

Published

2003-12-31

Updated

2021-07-23

CVE-2003-1559

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 5 through 6 SP1 Microsoft Internet Explorer version 5.22

Description The issue allows remote attackers to obtain potentially sensitive information by reading Referer log data. This occurs because Microsoft Internet Explorer sends Referer headers containing https:// URLs in requests for http:// URLs.

Recommendations For Microsoft Internet Explorer version 5.22, update to a version that does not send Referer headers with https:// URLs in requests for http:// URLs. For Microsoft Internet Explorer versions 5 through 6 SP1, update to a version that does not send Referer headers with https:// URLs in requests for http:// URLs.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2003-1559

Affected Products

Internet Explorer

PT-2003-2504 · Microsoft · Internet Explorer

CVE-2003-1559

Weakness Enumeration

Related Identifiers

Affected Products

References · 6