Описание
Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | removed from archive |
| devel | DNE | removed from archive |
| edgy | ignored | end of life, was needed |
| feisty | ignored | end of life, was needed |
| gutsy | DNE | |
| hardy | DNE | removed from archive |
| intrepid | DNE | removed from archive |
| upstream | needs-triage |
Показывать по
Ссылки на источники
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80.
Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80.
EPSS
4.3 Medium
CVSS2