Back to search
CVE-2003-1028
Published: Jan 8, 2004
Modified: Aug 8, 2024
PUBLISHED
Description
The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
7890
vdb-entry
x_refsource_OSVDB
20031201 Comments on 5 IE vulnerabilities
mailing-list
x_refsource_BUGTRAQ
ie-download-directory-disclosure(13847)
vdb-entry
x_refsource_XF
20031125 Note for "Invalid ContentType may disclose cache directory"
mailing-list
x_refsource_BUGTRAQ
http://www.safecenter.net/UMBRELLAWEBV4/threadid10008
x_refsource_MISC
20031125 Invalid ContentType may disclose cache directory
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now