CVE-2007-2383

Published: 30 Apr 2007
Source: debian
EPSS: Low

Description

The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."

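Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| prototypejs | not-affected | | | package |
| auth2db | fixed | 0.2.5-2+dfsg-1 | | package |
| asterisk | fixed | 1:1.6.2.0~rc3-1 | | package |
| asterisk | no-dsa | | etch | package |
| asterisk | no-dsa | | lenny | package |
| libaws | fixed | 2.7-1 | | package |
| libaws | no-dsa | | etch | package |
| libaws | no-dsa | | lenny | package |
| libjson-ruby | not-affected | | | package |
| lucene2 | fixed | 2.9.1+ds1-2 | | package |
| lucene2 | not-affected | | etch | package |
| lucene2 | no-dsa | | lenny | package |
| glpi | fixed | 0.72.3-1 | | package |
| glpi | no-dsa | | etch | package |
| glpi | no-dsa | | lenny | package |
| knowledgeroot | fixed | 0.9.9.5-1 | | package |
| knowledgeroot | no-dsa | | etch | package |
| knowledgeroot | not-affected | | lenny | package |
| mt-daapd | fixed | 0.9~r1696.dfsg-6 | | package |
| mt-daapd | no-dsa | | etch | package |
| mediatomb | fixed | 0.11.0-3 | | package |
| op-panel | fixed | 0.30~dfsg-1 | | package |
| ebug-http | fixed | 0.31-2.1 | | package |
| ebug-http | no-dsa | | lenny | package |
| poker-network | fixed | 1.7.6-1 | | package |
| poker-network | no-dsa | | etch | package |
| webhelpers | not-affected | | | package |
| qwik | removed | | | package |
| qwik | no-dsa | | etch | package |
| qwik | no-dsa | | lenny | package |
| wordpress | not-affected | | | package |
| exaile | not-affected | | | package |
| hobix | fixed | 0.5~svn20070319-4 | | package |
| hobix | no-dsa | | lenny | package |
| pixelpost | fixed | 1.7.1-6 | | package |
| pixelpost | no-dsa | | lenny | package |
| symfony | fixed | 1.0.21-1.1 | | package |
| symfony | no-dsa | | lenny | package |
| jscropperui | fixed | 1.2.1-1 | | package |
| jscropperui | no-dsa | | lenny | package |
| rt-extension-emailcompletion | not-affected | | | package |
| scriptaculous | not-affected | | | package |
| activeldap | not-affected | | | package |
| mantis | not-affected | | | package |
| otrs2 | not-affected | | | package |
| webcalendar | fixed | 1.2~b1-2 | | package |
| webcalendar | not-affected | | lenny | package |
| plone3 | removed | | | package |
| wesnoth | not-affected | | | package |
| libhtml-prototype-perl | fixed | 1.48-3 | | package |
| libhtml-prototype-perl | no-dsa | | etch | package |
| libhtml-prototype-perl | no-dsa | | lenny | package |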

Notes

  • see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf

  • This allows data to be stolen from affected websites. Therefore web applications should only be considered vulnerable if they process confidential data.

  • The frameworks should be fixed in any case.

EPSS

Percentile: 35%
0.00142
Low

Related vulnerabilities

ubuntu
more than 18 years ago

The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."

nvd
more than 18 years ago

The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."

github
more than 3 years ago

The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."