Browser Security News

The Site for Web Browser Security Information

Welcome to Browser Security News

Because Web Browser Security Matters!

 

Your news resource for Internet Explorer, Firefox, Opera and Safari security news vulnerabilities, virus and other important information.

Categories

Archives

Feeds

CVE-2008-1544 (Internet Explorer)

March 31st, 2008 by News

The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length header, (2) access arbitrary virtual hosts via a modified Host header, and (3) bypass referrer restrictions via an incorrect Referer header.

Read More…
Source: National Vulnerability Database

Posted in Internet Explorer, National Vulnerability Db |March 31st, 2008 by News|

Leave a Comment

Please note: Comment moderation is enabled and may delay your comment. There is no need to resubmit your comment.