Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2009-3013
Last Modified 05 Sep 2009 01:33:21
Published 31 Aug 2009 12:30:06
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-3013

Summary

Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly block data: URIs in Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header. NOTE: the JavaScript executes outside of the context of the HTTP site.

Vulnerable Systems

Application

  • Opera Browser 10.00

  • Opera Browser 7.0

  • Opera Browser 7.23

  • Opera Browser 7.53

  • Opera Browser 7.54

  • Opera Browser 7.60

  • Opera Browser 8.0

  • Opera Browser 8.00

  • Opera Browser 8.01

  • Opera Browser 8.02

  • Opera Browser 8.50

  • Opera Browser 8.51

  • Opera Browser 8.52

  • Opera Browser 8.53

  • Opera Browser 8.54

  • Opera Browser 9.0

  • Opera Browser 9.00

  • Opera Browser 9.01

  • Opera Browser 9.02

  • Opera Browser 9.10

  • Opera Browser 9.12

  • Opera Browser 9.20

  • Opera Browser 9.21

  • Opera Browser 9.22

  • Opera Browser 9.51

  • Opera Browser 9.52


References

XF - opera-data-xss(52996)

MISC - http://websecurity.com.ua/3386/

MISC - http://websecurity.com.ua/3323/


Last Updated: 27 May 2016 10:51:06