CVE-2007-4356

Sažetak

Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML files that are retrieved during an FTP session, which allows context-dependent attackers to obtain sensitive information by reading the HTML source, as demonstrated by a (1) .htm, (2) .html, or (3) .mht file.

Reference

http://blog.washingtonpost.com/securityfix/2007/08/ftp_files_expose_web_site_cred.html
http://secunia.com/advisories/26427
http://osvdb.org/36400

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

23-07-2021 - 15:04

Objavljeno

15-08-2007 - 00:17