Alias(es)MS.IE.HTTPS.Proxy.Information.Disclosure |
Release DateOct 18, 2006 |
Severitylow |
ImpactSensitive information disclosure |
DescriptionIndicates a possible exploit of an information disclosure vulnerability in Microsoft Internet Explorer, that allows remote attackers to obtain sensitive information when using an HTTPS proxy server that requires Basic Authentication. |
Affected ProductsMicrosoft Internet Explorer 6.0 SP1Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 5.5 SP2 Microsoft Internet Explorer 5.0.1 SP4 Avaya Unified Communications Center S3400 Avaya S8100 Media Servers R9 Avaya S8100 Media Servers R8 Avaya S8100 Media Servers R7 Avaya S8100 Media Servers R6 Avaya S8100 Media Servers R12 Avaya S8100 Media Servers R11 Avaya S8100 Media Servers R10 Avaya S8100 Media Servers Avaya Modular Messaging (MAS) Avaya IP600 Media Servers R9 Avaya IP600 Media Servers R8 Avaya IP600 Media Servers R7 Avaya IP600 Media Servers R6 Avaya IP600 Media Servers R12 Avaya IP600 Media Servers R11 Avaya IP600 Media Servers R10 Avaya IP600 Media Servers Avaya DefinityOne Media Servers R9 Avaya DefinityOne Media Servers R8 Avaya DefinityOne Media Servers R7 Avaya DefinityOne Media Servers R6 Avaya DefinityOne Media Servers R12 Avaya DefinityOne Media Servers R11 Avaya DefinityOne Media Servers R10 Avaya DefinityOne Media Servers |
Recommended ActionsMicrosoft has released fixes for supported operating system versions. Fixes for Internet Explorer 5.5 SP 2 running on Windows ME and Internet Explorer 6 SP 1 running on Windows 98/98SE/ME can be obtained through the Microsoft Update Web site or the Windows Update Web site.Avaya has released advisory ASA-2005-234 detailing affected Avaya products. Please see the referenced advisory for further information. Microsoft Internet Explorer 5.0.1 SP4 * Microsoft Cumulative Update for Internet Explorer 5.01 Service Pack 4 (KB905915) For Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?familyid=4005B74A-D6E6 -4A32-A3B1-276686B4A428&displaylang=en Microsoft Internet Explorer 6.0 SP1 * Microsoft Cumulative Update for Internet Explorer 6 SP1 (KB905915) For Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1 http://www.microsoft.com/downloads/details.aspx?familyid=A8443CD2-D98D -427B-9F0E-BD7E19FCB994&displaylang=en Microsoft Internet Explorer 6.0 * Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 (KB905915) For Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 http://www.microsoft.com/downloads/details.aspx?familyid=9D70FB20-C7C9 -43AF-A864-6DBC9A542CC6&displaylang=en * Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 64-bit Itanium Edition (KB905915) For Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems http://www.microsoft.com/downloads/details.aspx?familyid=1EE790B9-E596 -4344-AEC3-FCB3289D7E9C&displaylang=en * Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 x64 Edition (KB905915) For Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition http://www.microsoft.com/downloads/details.aspx?familyid=8E9C23E5-7988 -42DA-A8BD-2C1A534BF995&displaylang=en * Microsoft Cumulative Update for Internet Explorer for Windows XP Service Pack 2 (KB905915) For Internet Explorer 6 for Microsoft Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?familyid=E4B5BA57-D4F2 -4798-9154-2869E371C9D1&displaylang=en * Microsoft Cumulative Update for Internet Explorer for Windows XP x64 Edition (KB905915) For Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition http://www.microsoft.com/downloads/details.aspx?familyid=E1652B4A-6339 -4B31-8ACF-D2A844C24F70&displaylang=en |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2005-2830 |
Reference/shttp://www.frsirt.com/english/advisories/2005/2867 (FrSIRT)http://technet.microsoft.com/en-us/security/bulletin/MS05-054.mspx (MS-ID) http://www.securityfocus.com/bid/15825 (BugTraq) http://www.frsirt.com/english/advisories/2005/2909 (FrSIRT) |
