Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0815

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0815
Last Modified 05 Sep 2008 04:29:01
Published 12 Aug 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0815

Summary

The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.

Vulnerable Systems

Application

  • Microsoft Ie 6.0.2900

  • Mozilla

  • Netscape Navigator


References

BUGTRAQ - 20020729 XWT Foundation Advisory: Firewall circumvention possible with all browsers

BUGTRAQ - 20020729 RE: XWT Foundation Advisory


Last Updated: 27 May 2016 10:37:05