Computer Security
[EN] securityvulns.ru
no-pyccku

  

Microsoft Internet Explorer XmlHTTPRequest object request and response spoofing
Published:25.05.2006
Source:
SecurityVulns ID:6179
Type:client
Threat Level:
6/10
Description:It's possible to spoof client application request and, under some conditions, server reply by using Microsoft.XMLHTTP object.
Affected:MICROSOFT : Internet Explorer 5.5
 MICROSOFT : Internet Explorer 6.0
Original documentdocumentAmit Klein (AKsecurity), Write-up by Amit Klein: "IE + some popular forward proxy servers = XSS, defacement (browser cache poisoning)" (25.05.2006)
 documentAmit Klein (AKsecurity), "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein (25.05.2006)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 



Rating@Mail.ru