HTTP: Microsoft Internet Explorer Request Header Cross Domain Information
This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. Attackers can disclose potentially confidential information without the consent of the victim.
Extended Description
Microsoft Internet Explorer is prone to multiple vulnerabilities that allow for referer-spoofing, HTTP-request-splitting, and HTTP-request-smuggling attacks. A remote attacker may leverage these classes of attacks to poison web caches, steal credentials, evade IDS signatures, and launch cross-site scripting, HTML-injection, and session-hijacking attacks. Other attacks are also possible.
Affected Products
Avaya messaging_application_server,Nortel_networks centrex_ip_client_manager
Short Name
HTTP:STC:IE:IE-HEADER-XDOM-INFO
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2008-1544 Cross Domain Explorer Header Information Internet Microsoft Request bid:28379
Release Date
10/07/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Nortel_networks
Avaya
Microsoft
CVSS Score
7.1