CVE-2008-1544

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 5.01 through 7

Description The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name. This allows remote attackers to conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length header, access arbitrary virtual hosts via a modified Host header, bypass referrer restrictions via an incorrect Referer header, and bypass the same-origin policy and obtain sensitive information via a crafted request header. An information disclosure vulnerability exists in the way Internet Explorer handles certain request headers, which could allow an attacker to read data from another Internet Explorer domain by constructing a specially crafted Web page.

Recommendations For Microsoft Internet Explorer versions 5.01 through 7, consider disabling the setRequestHeader method of the XMLHttpRequest object as a temporary workaround until a patch is available. Restrict access to sensitive information and virtual hosts to minimize the risk of exploitation. Avoid using crafted request headers in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.