Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3172

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-3172
Last Modified 10 Sep 2008 09:12:01
Published 14 Jul 2008 07:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3172

Summary

Opera allows web sites to set cookies for country-specific top-level domains that have DNS A records, such as co.tv, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking."

Vulnerable Systems

Application

  • Opera


References

MISC - https://bugzilla.mozilla.org/show_bug.cgi?id=252342

XF - opera-cookie-session-hijacking(43951)

MISC - http://o.bulport.com/index.php?item=55

MISC - http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html

MISC - http://crisp.tweakblogs.net/blog/ie-and-2-letter-domain-names.html


Last Updated: 27 May 2016 10:48:06