Lucene search

MitreCVE-2003-0593

HistoryApr 15, 2004 - 4:00 a.m.

CVE-2003-0593

2004-04-1504:00:00

CWE-22

mitre

web.nvd.nist.gov

opera

cookie access

security

directory traversal

url

vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.7

Confidence

Low

EPSS

0.021

Percentile

89.2%

JSON

Opera allows remote attackers to bypass intended cookie access restrictions on a web application via “%2e%2e” (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.

Affected configurations

Nvd

Node

operaopera_browserMatch5.0

operaopera_browserMatch5.02

operaopera_browserMatch5.10

operaopera_browserMatch5.11

operaopera_browserMatch5.12

operaopera_browserMatch6.0

operaopera_browserMatch6.01

operaopera_browserMatch6.02

operaopera_browserMatch6.03

operaopera_browserMatch6.04

operaopera_browserMatch6.05

operaopera_browserMatch6.06

operaopera_browserMatch6.10

operaopera_browserMatch7.0

operaopera_browserMatch7.0beta1

operaopera_browserMatch7.0beta2

operaopera_browserMatch7.01

operaopera_browserMatch7.02

operaopera_browserMatch7.03

operaopera_browserMatch7.10

operaopera_browserMatch7.11

operaopera_browserMatch7.20

operaopera_browserMatch7.21

operaopera_browserMatch7.22

operaopera_browserMatch7.23

VendorProductVersionCPE
operaopera_browser5.0cpe:2.3:a:opera:opera_browser:5.0:*:*:*:*:*:*:*
operaopera_browser5.02cpe:2.3:a:opera:opera_browser:5.02:*:*:*:*:*:*:*
operaopera_browser5.10cpe:2.3:a:opera:opera_browser:5.10:*:*:*:*:*:*:*
operaopera_browser5.11cpe:2.3:a:opera:opera_browser:5.11:*:*:*:*:*:*:*
operaopera_browser5.12cpe:2.3:a:opera:opera_browser:5.12:*:*:*:*:*:*:*
operaopera_browser6.0cpe:2.3:a:opera:opera_browser:6.0:*:*:*:*:*:*:*
operaopera_browser6.01cpe:2.3:a:opera:opera_browser:6.01:*:*:*:*:*:*:*
operaopera_browser6.02cpe:2.3:a:opera:opera_browser:6.02:*:*:*:*:*:*:*
operaopera_browser6.03cpe:2.3:a:opera:opera_browser:6.03:*:*:*:*:*:*:*
operaopera_browser6.04cpe:2.3:a:opera:opera_browser:6.04:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opera	opera_browser	5.0	cpe:2.3:a:opera:opera_browser:5.0:::::::*
opera	opera_browser	5.02	cpe:2.3:a:opera:opera_browser:5.02:::::::*
opera	opera_browser	5.10	cpe:2.3:a:opera:opera_browser:5.10:::::::*
opera	opera_browser	5.11	cpe:2.3:a:opera:opera_browser:5.11:::::::*
opera	opera_browser	5.12	cpe:2.3:a:opera:opera_browser:5.12:::::::*
opera	opera_browser	6.0	cpe:2.3:a:opera:opera_browser:6.0:::::::*
opera	opera_browser	6.01	cpe:2.3:a:opera:opera_browser:6.01:::::::*
opera	opera_browser	6.02	cpe:2.3:a:opera:opera_browser:6.02:::::::*
opera	opera_browser	6.03	cpe:2.3:a:opera:opera_browser:6.03:::::::*
opera	opera_browser	6.04	cpe:2.3:a:opera:opera_browser:6.04:::::::*

Rows per page:

1-10 of 251

References

archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html

lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.7

Confidence

Low

EPSS

0.021

Percentile

89.2%

JSON

Related for CVE-2003-0593