Описание
Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
Ссылки
- Broken LinkThird Party AdvisoryVDB EntryVendor Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkVendor Advisory
- Third Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryVDB EntryVendor Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkVendor Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:opera:opera_browser:7.51:*:*:*:*:*:*:*
EPSS
Процентиль: 78%
0.01144
Низкий
5 Medium
CVSS2
Дефекты
CWE-669
Связанные уязвимости
github
почти 4 года назад
Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
EPSS
Процентиль: 78%
0.01144
Низкий
5 Medium
CVSS2
Дефекты
CWE-669