CVE-2005-2830
First published: Wed Dec 14 2005(Updated: )
Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Internet Explorer | =6.0-sp1 | |
| Internet Explorer | =5.5-sp2 | |
| Internet Explorer | =5.0.1-sp4 | |
| Internet Explorer | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/15825
- http://securitytracker.com/id?1015350
- http://secunia.com/advisories/15368
- http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf
- http://secunia.com/advisories/18064
- http://secunia.com/advisories/18311
- http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375420
- http://www.vupen.com/english/advisories/2005/2909
- http://www.vupen.com/english/advisories/2005/2867
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23451
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1521
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1435
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1317
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1143
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1101
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1097
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-054
Frequently Asked Questions
What is the severity of CVE-2005-2830?
CVE-2005-2830 is considered a high-severity vulnerability due to the potential exposure of sensitive information.
How does CVE-2005-2830 exploit the HTTPS proxy server?
CVE-2005-2830 exploits the HTTPS proxy server by sending URLs in cleartext when using Basic Authentication.
Which versions of Internet Explorer are affected by CVE-2005-2830?
CVE-2005-2830 affects Microsoft Internet Explorer versions 5.01, 5.5, and 6.0.
How can I mitigate the risks associated with CVE-2005-2830?
To mitigate CVE-2005-2830, avoid using vulnerable versions of Internet Explorer or consider using a different browser.
Is there a patch available for CVE-2005-2830?
There is no official patch for CVE-2005-2830, and it is recommended to upgrade to a more secure browser version.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft internet explorer
- version/microsoft internet explorer/6.0-sp1
- canonical/internet explorer
- version/internet explorer/5.5-sp2
- version/internet explorer/5.0.1-sp4
- version/internet explorer/6.0