CVE-2017-8602
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
11/07/2017
Last modified:
20/04/2025
Description
Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a spoofing vulnerability in the way they parse HTTP content, aka "Microsoft Browser Spoofing Vulnerability."
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_10:1511:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.securityfocus.com/bid/99390
- http://www.securitytracker.com/id/1038859
- http://www.securitytracker.com/id/1038860
- https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8602
- http://www.securityfocus.com/bid/99390
- http://www.securitytracker.com/id/1038859
- http://www.securitytracker.com/id/1038860
- https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8602