CVE-2004-2219

Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:N/C:N/I:P/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2004-08/0215.html	Exploit
http://secunia.com/advisories/12304	Exploit Vendor Advisory
http://securitytracker.com/id?1010957	Exploit
http://umbrella.name/originalvuln/msie/NullyFake/nullyfake-content.txt
http://www.osvdb.org/8978
https://exchange.xforce.ibmcloud.com/vulnerabilities/17007

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:ie:6.0:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:5.01:::::::*
	cpe:2.3:a:microsoft:internet_explorer:5.5:::::::*
	cpe:2.3:a:microsoft:internet_explorer:6.0:::::::*

History

23 Jul 2021, 12:55

Type	Values Removed	Values Added
CPE	cpe:2.3:a:microsoft:ie:5.01:::::::* cpe:2.3:a:microsoft:ie:5.5:::::::* cpe:2.3:a:microsoft:ie:6.0:::::::*	cpe:2.3:a:microsoft:internet_explorer:5.01:::::::* cpe:2.3:a:microsoft:internet_explorer:6.0:::::::* cpe:2.3:a:microsoft:internet_explorer:5.5:::::::*

Information

Published : 2004-12-31 05:00

Updated : 2023-12-10 10:17

NVD link : CVE-2004-2219

Mitre link : CVE-2004-2219

CVE.ORG link : CVE-2004-2219

JSON object : View

Products Affected

microsoft

internet_explorer
ie

CWE

NVD-CWE-Other

{"id": "CVE-2004-2219", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2004-12-31T05:00:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2004-08/0215.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/12304", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1010957", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://umbrella.name/originalvuln/msie/NullyFake/nullyfake-content.txt", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/8978", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17007", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake."}], "lastModified": "2021-07-23T12:55:03.667", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6219D36E-9E2C-4DC7-8FD5-FAD144A333F6"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40F8042F-C621-45AE-9F8C-70469579643A"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}