Vulnerability Description
Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web site, whose content is cached and reused when the user visits the target web site.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Ie | 6 |
| Microsoft | Internet Explorer | 5.01 |
References
- http://marc.info/?l=bugtraq&m=109770364504803&w=2
- http://www.acrossecurity.com/aspr/ASPR-2004-10-13-1-PUB.txt
- http://www.kb.cert.org/vuls/id/795720PatchThird Party AdvisoryUS Government Resource
- http://www.us-cert.gov/cas/techalerts/TA04-293A.htmlPatchThird Party AdvisoryUS Government Resource
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-03
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17651
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17654
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://marc.info/?l=bugtraq&m=109770364504803&w=2
- http://www.acrossecurity.com/aspr/ASPR-2004-10-13-1-PUB.txt
FAQ
What is CVE-2004-0845?
CVE-2004-0845 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content, which allows remote attackers to obtain information or spoof content via a web site with the same host name as the target web si...
How severe is CVE-2004-0845?
CVE-2004-0845 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0845?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Ie, Microsoft Internet Explorer.