Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-6970

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-6970
Last Modified 08 Jun 2012 12:00:00
Published 07 Feb 2007 06:28:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-6970

Summary

Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the "." and "/" characters, which is not caught by the blacklist filter.

Vulnerable Systems

Application

  • Mozilla Firefox 2.0.0.1

  • Opera Browser 9.10

  • Opera Software Opera 9.10


References

BUGTRAQ - 20070206 Firefox 2.0.0.1 and Opera 9.10 Anty Fraud/Phishing Protection bypass.

OSVDB - 34927

MISC - http://kaneda.bohater.net/security/20061220-opera_9.10_final_bypass_fraud_protection.php


Last Updated: 27 May 2016 10:49:37