CVE-2003-0593

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2003-0593
Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html Broken Link Exploit Vendor Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html Not Applicable
http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html Broken Link Exploit Vendor Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html Not Applicable
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:opera:opera_browser:5.0:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:5.02:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:5.10:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:5.11:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:5.12:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:6.0:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:6.01:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:6.02:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:6.03:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:6.04:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:6.05:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:6.06:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:6.10:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:7.0:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:7.0:beta1:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:7.0:beta2:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:7.01:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:7.02:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:7.03:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:7.10:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:7.11:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:7.20:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:7.21:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:7.22:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:7.23:*:*:*:*:*:*:*
History

20 Nov 2024, 23:45

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html - Broken Link, Exploit, Vendor Advisory () http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html - Broken Link, Exploit, Vendor Advisory
References () http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html - Not Applicable () http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html - Not Applicable

01 Mar 2022, 20:13

Type Values Removed Values Added
CPE cpe:2.3:a:opera_software:opera_web_browser:7.0_beta2:*:win32:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:6.0.3:*:win32:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:6.0.2:*:win32:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:6.10:*:linux:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.0.1:*:win32:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:6.0.6:*:win32:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.20:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:6.0:*:win32:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.23:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.20_beta1_build2981:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:linux:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.11:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.21:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:6.0:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.22:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.10:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:6.0.6:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:6.0.3:*:linux:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:5.1.1:*:win32:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.0.3:*:win32:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:5.12:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:5.0.2:*:win32:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:5.1.0:*:win32:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:6.0.4:*:win32:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.11b:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:win32:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.0.2:*:win32:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:5.0:*:linux:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:5.0:*:mac:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.0_beta1:*:win32:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.0:*:win32:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:6.0.2:*:linux:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:5.12:*:win32:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.11j:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:6.0.5:*:win32:*:*:*:*:*		 cpe:2.3:a:opera:opera_browser:6.05:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:5.10:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:7.10:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:5.0:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:7.11:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:7.23:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:5.02:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:6.01:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:7.01:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:7.22:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:7.20:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:6.06:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:6.02:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:7.0:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:6.10:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:5.12:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:7.0:beta1:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:7.0:beta2:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:7.02:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:7.21:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:6.03:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:6.0:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:6.04:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:7.03:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:5.11:*:*:*:*:*:*:*
References (FULLDISC) http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html - (FULLDISC) http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html - Not Applicable
References (VULNWATCH) http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html - Exploit, Vendor Advisory (VULNWATCH) http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html - Broken Link, Exploit, Vendor Advisory
CWE NVD-CWE-Other CWE-22
Information

Published : 2004-04-15 04:00

Updated : 2024-11-20 23:45

NVD link : CVE-2003-0593

Mitre link : CVE-2003-0593

CVE.ORG link : CVE-2003-0593

JSON object : View

Products Affected

opera

  • opera_browser
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')