Signature Detail
Short Name |
HTTP:STC:NAV-REDIR |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Navigation Page Spoof |
Release Date |
2007/06/12 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Navigation Page Spoof
This signature detects attempts to exploit a known vulnerability in Internet Explorer 7.0 (IE). An attacker can create malicious Web pages containing a spoofed Navigation Cancelled page, which if access by a victim, can redirect users to another page containing malicious code.
Extended Description
Microsoft Internet Explorer is prone to a webpage-spoofing vulnerability. Attackers may exploit this vulnerability via a malicious webpage to spoof the contents of the Navigation canceled page. This may assist in phishing or other attacks that rely on content spoofing. NOTE: This BID is being retired because this issue was previously reported in BID 22966: Microsoft Internet Explorer NavCancel.HTM Cross-Site Scripting Vulnerability.
Affected Products
- Microsoft Internet Explorer 7.0
References
- CVE: CVE-2007-1752