Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.2
CVSSv3

CVE-2017-0140

Published: 17/03/2017 Updated: 03/10/2019
CVSS v2 Base Score: 4 | Impact Score: 4.9 | Exploitability Score: 4.9
CVSS v3 Base Score: 4.2 | Impact Score: 2.5 | Exploitability Score: 1.6
VMScore: 357
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
Subscribe to Edge

Vulnerability Summary

Microsoft Edge allows remote malicious users to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0135.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft edge

Exploits

Exploit DB: Microsoft Edge Fetch API Arbitrary Header Setting
It was found that the Fetch API in Microsoft Edge allows websites to set arbitrary HTTP request headers, including the Content-Length, and Host headers Amongst others, a malicious website can use this issue to bypass the same origin policy, read HTTP response headers, or initiate arbitrary HTTP requests from the victim's browser (HTTP request smug ...

Github Repositories

https://github.com/tolgadevsec/PHP-Security-Cheatsheet

This cheatsheet is an overview of techniques to prevent common vulnerabilities within PHP web applications

PHP Security Cheatsheet This cheatsheet is an overview of techniques to prevent common vulnerabilities within PHP web applications All of the examples presented in this cheatsheet are for learning and experimentation purposes and are not meant to be used in a production system Most of the techniques and countermeasures are already built-in in many modern web application fram

https://github.com/lonestarlabs/PHP-Security-Cheatsheet

This cheatsheet is an overview of techniques to prevent common vulnerabilities within PHP web applications

PHP Security Cheatsheet This cheatsheet is an overview of techniques to prevent common vulnerabilities within PHP web applications All of the examples presented in this cheatsheet are for learning and experimentation purposes and are not meant to be used in a production system Most of the techniques and countermeasures are already built-in in many modern web application fram

https://github.com/tolgauen/PHP-Security-Cheatsheet

This cheatsheet is an overview of techniques to prevent common vulnerabilities within PHP web applications

PHP Security Cheatsheet This cheatsheet is an overview of techniques to prevent common vulnerabilities within PHP web applications All of the examples presented in this cheatsheet are for learning and experimentation purposes and are not meant to be used in a production system Most of the techniques and countermeasures are already built-in in many modern web application fram

References

NVD-CWE-noinfohttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0140http://www.securityfocus.com/bid/96653http://www.securitytracker.com/id/1038006https://nvd.nist.govhttps://github.com/tolgadevsec/PHP-Security-Cheatsheethttps://packetstormsecurity.com/files/141621/Microsoft-Edge-Fetch-API-Arbitrary-Header-Setting.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895blind SQL injectionCVE-2024-5064CVE-2023-52677CVE-2023-52682CVE-2024-30051CVE-2024-35849remote attackersremote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook