Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80.
References
Link | Resource |
---|---|
http://crypto.stanford.edu/dns/dns-rebinding.pdf | Technical Description Third Party Advisory |
http://osvdb.org/45526 | Broken Link |
http://crypto.stanford.edu/dns/dns-rebinding.pdf | Technical Description Third Party Advisory |
http://osvdb.org/45526 | Broken Link |
Configurations
History
21 Nov 2024, 00:37
Type | Values Removed | Values Added |
---|---|---|
References | () http://crypto.stanford.edu/dns/dns-rebinding.pdf - Technical Description, Third Party Advisory | |
References | () http://osvdb.org/45526 - Broken Link |
01 Mar 2022, 14:56
Type | Values Removed | Values Added |
---|---|---|
References | (OSVDB) http://osvdb.org/45526 - Broken Link | |
References | (MISC) http://crypto.stanford.edu/dns/dns-rebinding.pdf - Technical Description, Third Party Advisory | |
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:a:opera:opera_browser:9.0:*:*:*:*:*:*:* |
Information
Published : 2007-10-08 23:17
Updated : 2024-11-21 00:37
NVD link : CVE-2007-5276
Mitre link : CVE-2007-5276
CVE.ORG link : CVE-2007-5276
JSON object : View
Products Affected
opera
- opera_browser
CWE