CVE-2008-5681

Sažetak

Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs.

Reference

http://secunia.com/advisories/34294
http://security.gentoo.org/glsa/glsa-200903-30.xml
http://www.opera.com/docs/changelogs/linux/963/
http://www.opera.com/support/kb/view/923/
http://www.securitytracker.com/id?1021461

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

07-06-2012 - 17:24

Objavljeno

19-12-2008 - 16:30