CVE-2005-2830 - OpenCVE

Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Internet Explorer Ie

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:ie:6.0:sp1::::::
	cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4::::::
	cpe:2.3:a:microsoft:internet_explorer:5.5:sp2::::::
	cpe:2.3:a:microsoft:internet_explorer:6.0:::::::*

References

Link	Resource
http://secunia.com/advisories/15368
http://secunia.com/advisories/18064
http://secunia.com/advisories/18311
http://securitytracker.com/id?1015350
http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf
http://www.securityfocus.com/bid/15825	Patch
http://www.vupen.com/english/advisories/2005/2867
http://www.vupen.com/english/advisories/2005/2909
http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054
https://exchange.xforce.ibmcloud.com/vulnerabilities/23451
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1097
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1101
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1143
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1317
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1435
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1521

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2005-12-14T11:00:00

Updated: 2018-10-12T19:57:01

Reserved: 2005-09-07T00:00:00

Link: CVE-2005-2830

JSON object: View

NVD Information

Status : Modified

Published: 2005-12-14T11:03:00.000

Modified: 2021-07-23T12:55:03.667

Link: CVE-2005-2830

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-12-13T00:00:00", "descriptions": [{"lang": "en", "value": "Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka \"HTTPS Proxy Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "18064", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18064"}, {"name": "MS05-054", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054"}, {"name": "oval:org.mitre.oval:def:1101", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1101"}, {"name": "1015350", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015350"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf"}, {"name": "15368", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/15368"}, {"name": "ADV-2005-2909", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2005/2909"}, {"name": "oval:org.mitre.oval:def:1097", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1097"}, {"name": "oval:org.mitre.oval:def:1435", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1435"}, {"name": "18311", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18311"}, {"name": "ADV-2005-2867", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2005/2867"}, {"name": "oval:org.mitre.oval:def:1143", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1143"}, {"name": "ie-https-proxy-information-disclosure(23451)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23451"}, {"name": "15825", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15825"}, {"name": "oval:org.mitre.oval:def:1317", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1317"}, {"name": "oval:org.mitre.oval:def:1521", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1521"}, {"tags": ["x_refsource_MISC"], "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2005-2830", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka \"HTTPS Proxy Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "18064", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18064"}, {"name": "MS05-054", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054"}, {"name": "oval:org.mitre.oval:def:1101", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1101"}, {"name": "1015350", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015350"}, {"name": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf"}, {"name": "15368", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/15368"}, {"name": "ADV-2005-2909", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2909"}, {"name": "oval:org.mitre.oval:def:1097", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1097"}, {"name": "oval:org.mitre.oval:def:1435", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1435"}, {"name": "18311", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18311"}, {"name": "ADV-2005-2867", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2867"}, {"name": "oval:org.mitre.oval:def:1143", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1143"}, {"name": "ie-https-proxy-information-disclosure(23451)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23451"}, {"name": "15825", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15825"}, {"name": "oval:org.mitre.oval:def:1317", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1317"}, {"name": "oval:org.mitre.oval:def:1521", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1521"}, {"name": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420", "refsource": "MISC", "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420"}]}}}}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2005-2830", "datePublished": "2005-12-14T11:00:00", "dateReserved": "2005-09-07T00:00:00", "dateUpdated": "2018-10-12T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*", "matchCriteriaId": "24DF2AB3-DEAB-4D70-986E-FFBB7E64B96A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*", "matchCriteriaId": "2EB39B99-91A0-4B70-B12A-BA37F6AFBA83", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*", "matchCriteriaId": "D05ED9D0-CF78-4FAD-9371-6FB3D5825148", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka \"HTTPS Proxy Vulnerability.\""}, {"lang": "es", "value": "Microsoft Interntet Explorer 5.01, 5.5 y 6, cuando usan un servidor proxy HTTPS que requiere autenticaci\u00f3n b\u00e1sica, env\u00eda la URL en texto claro, lo que permite a atacantes remotos obtener informaci\u00f3n sensible, tcc \"Vulnerabilidad proxy HTTPS\""}], "id": "CVE-2005-2830", "lastModified": "2021-07-23T12:55:03.667", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-12-14T11:03:00.000", "references": [{"source": "secure@microsoft.com", "url": "http://secunia.com/advisories/15368"}, {"source": "secure@microsoft.com", "url": "http://secunia.com/advisories/18064"}, {"source": "secure@microsoft.com", "url": "http://secunia.com/advisories/18311"}, {"source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1015350"}, {"source": "secure@microsoft.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf"}, {"source": "secure@microsoft.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/15825"}, {"source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2005/2867"}, {"source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2005/2909"}, {"source": "secure@microsoft.com", "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054"}, {"source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23451"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1097"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1101"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1143"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1317"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1435"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1521"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}