{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-27T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka \"Redirect Cross-Domain Information Disclosure Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20060627 IE_ONE_MINOR_ONE_MAJOR", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html"}, {"name": "20060630 RE: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/438863/100/0/threaded"}, {"name": "20825", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20825"}, {"name": "MS06-042", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"}, {"name": "20060704 Re: Browser bugs hit IE, Firefox today (SANS)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/439146/100/0/threaded"}, {"name": "VU#883108", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/883108"}, {"name": "ie-redirection-information-disclosure(27452)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27452"}, {"name": "1016388", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016388"}, {"name": "20060630 Browser bugs hit IE, Firefox today (SANS)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/438785/100/0/threaded"}, {"name": "21396", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21396"}, {"name": "ADV-2006-3212", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3212"}, {"tags": ["x_refsource_MISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj"}, {"name": "20060630 Re: Browser bugs hit IE, Firefox today (SANS)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/438864/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/internet_explorer_information_disclosure_vulnerability_test"}, {"name": "TA06-220A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"}, {"name": "20060630 ISC: Firefox immune to outerHTML flaw in MSIE [Was: Browser bugs hit IE, Firefox]", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/438811/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:738", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A738"}, {"name": "20060630 Re: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/438788/100/0/threaded"}, {"name": "18682", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18682"}, {"name": "ADV-2006-2553", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2553"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3280", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka \"Redirect Cross-Domain Information Disclosure Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20060627 IE_ONE_MINOR_ONE_MAJOR", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html"}, {"name": "20060630 RE: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/438863/100/0/threaded"}, {"name": "20825", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20825"}, {"name": "MS06-042", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"}, {"name": "20060704 Re: Browser bugs hit IE, Firefox today (SANS)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/439146/100/0/threaded"}, {"name": "VU#883108", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/883108"}, {"name": "ie-redirection-information-disclosure(27452)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27452"}, {"name": "1016388", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016388"}, {"name": "20060630 Browser bugs hit IE, Firefox today (SANS)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/438785/100/0/threaded"}, {"name": "21396", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21396"}, {"name": "ADV-2006-3212", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3212"}, {"name": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj", "refsource": "MISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj"}, {"name": "20060630 Re: Browser bugs hit IE, Firefox today (SANS)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/438864/100/0/threaded"}, {"name": "http://secunia.com/internet_explorer_information_disclosure_vulnerability_test", "refsource": "MISC", "url": "http://secunia.com/internet_explorer_information_disclosure_vulnerability_test"}, {"name": "TA06-220A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"}, {"name": "20060630 ISC: Firefox immune to outerHTML flaw in MSIE [Was: Browser bugs hit IE, Firefox]", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/438811/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:738", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A738"}, {"name": "20060630 Re: [Full-disclosure] Browser bugs hit IE, Firefox today (SANS)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/438788/100/0/threaded"}, {"name": "18682", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18682"}, {"name": "ADV-2006-2553", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2553"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3280", "datePublished": "2006-06-28T22:00:00", "dateReserved": "2006-06-28T00:00:00", "dateUpdated": "2018-10-18T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "A19F6133-25D1-44A5-B6B9-354703436783", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka \"Redirect Cross-Domain Information Disclosure Vulnerability.\""}, {"lang": "es", "value": "Vulnerabilidad de dominios cruzados en Microsoft Internet Explorer v6.0 permite a atacantes remotos acceder la informaci\u00f3n restringida desde otro dominio a trav\u00e9s de una etiqueta object con un par\u00e1metro data que referencia un enlace en el sitio original del atacante que especifica una cabecera Location HTTP que referencia un sitio objetivo, lo que luego hace que el contenido est\u00e9 disponible a trav\u00e9s del atributo outerHTML del objeto, como \"Redirect Cross-Domain Information Disclosure Vulnerability.\""}], "id": "CVE-2006-3280", "lastModified": "2021-07-23T12:55:03.667", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-06-28T22:05:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047398.html"}, {"source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20825"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/21396"}, {"source": "cve@mitre.org", "url": "http://secunia.com/internet_explorer_information_disclosure_vulnerability_test"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016388"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/883108"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/438785/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/438788/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/438811/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/438863/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/438864/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/439146/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18682"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2553"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3212"}, {"source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27452"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A738"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}