New Search

IE v6.0SP1 (Server 2003) Improper URL Canonicalization Vulnerability

oval:org.mitre.oval:def:526

Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the URL which hides the rest of the URL including the real site in the address bar aka the "Improper URL Canonicalization Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2003
Class:
vulnerability
Reference(s):
  • CVE-2003-1025
Product(s):
  • Microsoft Internet Explorer