Lucene search

[email protected]CVE-2007-5276

HistoryOct 08, 2007 - 11:17 p.m.

CVE-2007-5276

2007-10-0823:17:00

[email protected]

web.nvd.nist.gov

opera

dns

vulnerability

remote attack

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.1%

JSON

Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80.

Affected configurations

NVD

Node

operaopera_browserMatch9.0

CPENameOperatorVersion
opera:opera_browseropera opera browsereq9.0

CPE	Name	Operator	Version
opera:opera_browser	opera opera browser	eq	9.0

References

crypto.stanford.edu/dns/dns-rebinding.pdf

osvdb.org/45526

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.1%

JSON

Related for CVE-2007-5276

ubuntucve1 prion1 cvelist1 nvd1