
Test ID: 1.3.6.1.4.1.25623.1.0.800651
Category: General
Title: Opera Web Browser 'Refresh' Header XSS Vulnerabilities (Windows)
Summary: The host has Opera Web Browser installed and is prone to a cross-site scripting vulnerability.
Description:
Summary:
The host has Opera Web Browser installed and is prone to
a cross-site scripting vulnerability.

Vulnerability Insight:
The flaw is due to an error in handling Refresh headers in HTTP responses.
The browser does not block javascript: URIs when a Refresh header is injected
or when the content of a Refresh header is specified.

Vulnerability Impact:
A successful remote attack could execute arbitrary script code in the context
of the user running the application and steal cookie-based authentication
credentials and other sensitive data that may aid in further attacks.

Affected Software/OS:
Opera version 9.52 and prior on Windows.

Solution:
Upgrade to Opera version 9.64 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-reference: BugTraq ID: 35571
Common Vulnerability Exposure (CVE) ID: CVE-2009-2351
http://www.securityfocus.com/bid/35571
Bugtraq: 20090702 Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome (Google Search)
http://www.securityfocus.com/archive/1/504718/100/0/threaded
Bugtraq: 20090703 Re: Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome (Google Search)
http://www.securityfocus.com/archive/1/504723/100/0/threaded
http://websecurity.com.ua/3275/
http://websecurity.com.ua/3386/
Copyright: Copyright (C) 2009 Greenbone Networks GmbH





© 1998-2024 E-Soft Inc. All rights reserved.