) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
Search Parameters:
- Results Type: Overview
- Keyword (text search): cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:itanium:*:*:*:*:*
- CPE Name Search: true
There are 1,021 matching records.
Displaying matches 1,021 through 1,021.
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2008-1544 |
The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length header, (2) access arbitrary virtual hosts via a modified Host header, (3) bypass referrer restrictions via an incorrect Referer header, and (4) bypass the same-origin policy and obtain sensitive information via a crafted request header. Published: March 28, 2008; 7:44:00 PM -0400 |
V3.x:(not available) V2.0: 7.1 HIGH |