Lucene search

[email protected]NVD:CVE-2009-3005

HistoryAug 28, 2009 - 3:30 p.m.

CVE-2009-3005

2009-08-2815:30:00

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

50.1%

JSON

Lunascape 5.1.3 and 5.1.4 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. NOTE: a related attack was reported in which an arbitrary file: URL is shown.

Affected configurations

Nvd

Node

lunascapelunascapeMatch5.1.3

lunascapelunascapeMatch5.1.4

VendorProductVersionCPE
lunascapelunascape5.1.3cpe:2.3:a:lunascape:lunascape:5.1.3:*:*:*:*:*:*:*
lunascapelunascape5.1.4cpe:2.3:a:lunascape:lunascape:5.1.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lunascape	lunascape	5.1.3	cpe:2.3:a:lunascape:lunascape:5.1.3:::::::*
lunascape	lunascape	5.1.4	cpe:2.3:a:lunascape:lunascape:5.1.4:::::::*

References

lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html

exchange.xforce.ibmcloud.com/vulnerabilities/53008

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

50.1%

JSON

Related for NVD:CVE-2009-3005

openvas2 cvelist1 cve1 prion1