Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
References
Link | Resource |
---|---|
http://securityfocus.com/archive/1/375407 | Broken Link Third Party Advisory VDB Entry Vendor Advisory |
http://securitytracker.com/id?1011329 | Broken Link Third Party Advisory VDB Entry |
http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt | Broken Link Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17417 | Third Party Advisory VDB Entry |
http://securityfocus.com/archive/1/375407 | Broken Link Third Party Advisory VDB Entry Vendor Advisory |
http://securitytracker.com/id?1011329 | Broken Link Third Party Advisory VDB Entry |
http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt | Broken Link Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17417 | Third Party Advisory VDB Entry |
Configurations
History
20 Nov 2024, 23:49
Type | Values Removed | Values Added |
---|---|---|
References | () http://securityfocus.com/archive/1/375407 - Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory | |
References | () http://securitytracker.com/id?1011329 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt - Broken Link, Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/17417 - Third Party Advisory, VDB Entry |
28 Feb 2022, 17:35
Type | Values Removed | Values Added |
---|---|---|
References | (BUGTRAQ) http://securityfocus.com/archive/1/375407 - Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory | |
References | (MISC) http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt - Broken Link, Vendor Advisory | |
References | (SECTRACK) http://securitytracker.com/id?1011329 - Broken Link, Third Party Advisory, VDB Entry | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/17417 - Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:a:opera:opera_browser:7.51:*:*:*:*:*:*:* | |
CWE | CWE-669 |
Information
Published : 2004-09-16 04:00
Updated : 2024-11-20 23:49
NVD link : CVE-2004-0872
Mitre link : CVE-2004-0872
CVE.ORG link : CVE-2004-0872
JSON object : View
Products Affected
opera
- opera_browser
CWE
CWE-669
Incorrect Resource Transfer Between Spheres