CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
89.2%
Opera allows remote attackers to bypass intended cookie access restrictions on a web application via “%2e%2e” (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
Vendor | Product | Version | CPE |
---|---|---|---|
opera | opera_browser | 5.0 | cpe:2.3:a:opera:opera_browser:5.0:*:*:*:*:*:*:* |
opera | opera_browser | 5.02 | cpe:2.3:a:opera:opera_browser:5.02:*:*:*:*:*:*:* |
opera | opera_browser | 5.10 | cpe:2.3:a:opera:opera_browser:5.10:*:*:*:*:*:*:* |
opera | opera_browser | 5.11 | cpe:2.3:a:opera:opera_browser:5.11:*:*:*:*:*:*:* |
opera | opera_browser | 5.12 | cpe:2.3:a:opera:opera_browser:5.12:*:*:*:*:*:*:* |
opera | opera_browser | 6.0 | cpe:2.3:a:opera:opera_browser:6.0:*:*:*:*:*:*:* |
opera | opera_browser | 6.01 | cpe:2.3:a:opera:opera_browser:6.01:*:*:*:*:*:*:* |
opera | opera_browser | 6.02 | cpe:2.3:a:opera:opera_browser:6.02:*:*:*:*:*:*:* |
opera | opera_browser | 6.03 | cpe:2.3:a:opera:opera_browser:6.03:*:*:*:*:*:*:* |
opera | opera_browser | 6.04 | cpe:2.3:a:opera:opera_browser:6.04:*:*:*:*:*:*:* |