Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.800651 |
Kategorie: | General |
Titel: | Opera Web Browser 'Refresh' Header XSS Vulnerabilities (Windows) |
Zusammenfassung: | The host is installed with Opera Web Browser and is prone to; Cross-Site Scripting Vulnerability. |
Beschreibung: | Summary: The host is installed with Opera Web Browser and is prone to Cross-Site Scripting Vulnerability. Vulnerability Insight: Flaw is due to error in Refresh headers in HTTP responses. It does not block javascript: URIs, while injecting a Refresh header or specifying the content of a Refresh header Vulnerability Impact: Successful remote attack could execute arbitrary script code in the context of the user running the application and to steal cookie-based authentication credentials and other sensitive data that may aid in further attacks. Affected Software/OS: Opera version 9.52 and prior on Windows. Solution: Upgrade to Opera version 9.64 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N |
Querverweis: |
BugTraq ID: 35571 Common Vulnerability Exposure (CVE) ID: CVE-2009-2351 http://www.securityfocus.com/bid/35571 Bugtraq: 20090702 Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome (Google Search) http://www.securityfocus.com/archive/1/504718/100/0/threaded Bugtraq: 20090703 Re: Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome (Google Search) http://www.securityfocus.com/archive/1/504723/100/0/threaded http://websecurity.com.ua/3275/ http://websecurity.com.ua/3386/ |
Copyright | Copyright (C) 2009 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |