CVE-2001-0665

critical

Description

Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the "HTTP Request Encoding vulnerability."

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/7259

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051

http://www.securityfocus.com/bid/3421

http://www.osvdb.org/1972

Details

Source: Mitre, NVD

Published: 2001-10-30

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.10865