漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
漏洞
N/A
漏洞信息
The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length header, (2) access arbitrary virtual hosts via a modified Host header, (3) bypass referrer restrictions via an incorrect Referer header, and (4) bypass the same-origin policy and obtain sensitive information via a crafted request header.
漏洞信息
N/A
漏洞
N/A
漏洞
Microsoft IE 7 setRequestHeader()函数请求拆分漏洞
漏洞信息
Internet Explorer是微软发布的非常流行的WEB浏览器。 IE 7允许通过HTTP请求拆分攻击覆盖Content-Length、Host和Referer等HTTP头,导致HTTP头信息欺骗。 类似于以下javascript: ---------------------------------------------- var x=new XMLHttpRequest(); x.open("POST","/"); for(f=127;f<255;f++) try{ x.setRequestHe
漏洞信息
N/A
漏洞
N/A