Anfälligkeitssuche        Suche in 187964 CVE Beschreibungen
und 85075 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.14261
Kategorie:Windows
Titel:Opera remote location object cross-domain scripting vulnerability
Zusammenfassung:The remote host contains a web browser that is affected by; multiple flaws.;; Description :; The remote host is using Opera, an alternative web browser.; This version of Opera on the remote host fails to block write access to; the 'location' object. This could allow a user to create a specially; crafted URL to overwrite methods within the 'location' object that would; execute arbitrary code in a user's browser within the trust relationship; between the browser and the server, leading to a loss of confidentiality; and integrity.
Beschreibung:Summary:
The remote host contains a web browser that is affected by
multiple flaws.

Description :
The remote host is using Opera, an alternative web browser.
This version of Opera on the remote host fails to block write access to
the 'location' object. This could allow a user to create a specially
crafted URL to overwrite methods within the 'location' object that would
execute arbitrary code in a user's browser within the trust relationship
between the browser and the server, leading to a loss of confidentiality
and integrity.

Solution:
Upgrade to Opera 7.54 or newer.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Querverweis: BugTraq ID: 10873
Common Vulnerability Exposure (CVE) ID: CVE-2004-2570
http://www.securityfocus.com/bid/10873
http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0131.html
http://www.gentoo.org/security/en/glsa/glsa-200408-05.xml
http://www.greymagic.com/security/advisories/gm008-op/
http://osvdb.org/8331
http://secunia.com/advisories/12233
XForce ISS Database: opera-location-method-overwrite(16904)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16904
CopyrightCopyright (C) 2004 David Maciejak

Dies ist nur einer von 85075 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.