exploitDog

CVE-2007-5276

Опубликовано: 08 окт. 2007

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80.

Ссылки

http://crypto.stanford.edu/dns/dns-rebinding.pdf
Technical Description
Third Party Advisory
http://osvdb.org/45526
Broken Link
http://crypto.stanford.edu/dns/dns-rebinding.pdf
Technical Description
Third Party Advisory
http://osvdb.org/45526
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opera:opera_browser:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.00243

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2007-5276

ubuntu

почти 18 лет назад

Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80.

GHSA-vw2g-3hc3-gg3f

github

больше 3 лет назад

Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80.

EPSS

Процентиль: 47%

0.00243

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo