HTTP: Internet Explorer Cross Domain Information Disclosure (CVE-2006-3280)
This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. Attackers can use the vulnerability to disclose information.
Extended Description
Microsoft Internet Explorer is prone to an information-disclosure vulnerability because it fails to properly enforce cross-domain policies. This issue may allow attackers to access arbitrary websites in the context of a targeted user's browser session. This may allow attackers to perform actions in web applications with the privileges of exploited users or to gain access to potentially sensitive information. This may aid attackers in further attacks.
Affected Products
Nortel_networks callpilot
Short Name
HTTP:STC:IE:CROSS-DOMAIN-INFO
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
(CVE-2006-3280) CVE-2006-3280 Cross Disclosure Domain Explorer Information Internet bid:18682
Release Date
09/10/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Nortel_networks
Microsoft
CVSS Score
7.5