Vulnerability Description
Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Ie | 5.22 |
| Microsoft | Internet Explorer | 5.5 |
Related Weaknesses (CWE)
References
- http://securityreason.com/securityalert/3989
- http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html
- http://www.securityfocus.com/archive/1/348360
- http://www.securityfocus.com/archive/1/348574
- http://www.securityfocus.com/bid/9295
- http://securityreason.com/securityalert/3989
- http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html
- http://www.securityfocus.com/archive/1/348360
- http://www.securityfocus.com/archive/1/348574
- http://www.securityfocus.com/bid/9295
FAQ
What is CVE-2003-1559?
CVE-2003-1559 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially s...
How severe is CVE-2003-1559?
CVE-2003-1559 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1559?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Ie, Microsoft Internet Explorer.