Executive Summary

Informations
Name CVE-2004-2219 First vendor Publication 2004-12-31
Vendor Cve Last vendor Modification 2021-07-23

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Cvss Base Score 2.6 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity High
Cvss Expoit Score 4.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2219

CWE : Common Weakness Enumeration

% Id Name

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 3

Open Source Vulnerability Database (OSVDB)

Id Description
8978 Microsoft IE Address Bar Spoofing (NullyFake)

Internet Explorer contains a flaw that may allow a malicious user to spoof a URL in the address bar. The issue is triggered when Javascript is used to open an unregistered protocol URL and reload it repeatedly before loading an arbitrary page containing a history.back() scripting statement. This may allow for content to be read across windows while the location bar shows no indication of the change.

Snort® IPS/IDS

Date Description
2014-11-19 Microsoft Internet Explorer address bar spoofing without scripting
RuleID : 32231 - Revision : 2 - Type : BROWSER-IE
2014-11-19 Microsoft Internet Explorer address bar spoofing without scripting
RuleID : 32230 - Revision : 2 - Type : BROWSER-IE
2014-05-08 Microsoft Internet Explorer address bar spoofing with scripting
RuleID : 30491 - Revision : 3 - Type : BROWSER-IE
2014-05-08 Microsoft Internet Explorer address bar spoofing with scripting
RuleID : 30490 - Revision : 3 - Type : BROWSER-IE

Sources (Detail)

Source Url
BUGTRAQ http://archives.neohapsis.com/archives/bugtraq/2004-08/0215.html
MISC http://umbrella.name/originalvuln/msie/NullyFake/nullyfake-content.txt
OSVDB http://www.osvdb.org/8978
SECTRACK http://securitytracker.com/id?1010957
SECUNIA http://secunia.com/advisories/12304
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/17007

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
Date Informations
2021-07-27 00:24:37
  • Multiple Updates
2021-07-24 01:44:14
  • Multiple Updates
2021-07-24 01:01:48
  • Multiple Updates
2021-07-23 17:24:41
  • Multiple Updates
2021-05-04 12:02:36
  • Multiple Updates
2021-04-22 01:02:48
  • Multiple Updates
2020-05-23 00:16:08
  • Multiple Updates
2017-07-11 12:01:42
  • Multiple Updates
2016-06-28 15:10:00
  • Multiple Updates
2016-04-26 13:07:23
  • Multiple Updates
2014-11-19 21:23:16
  • Multiple Updates
2014-05-08 21:26:07
  • Multiple Updates
2013-05-11 11:47:52
  • Multiple Updates