Vulnerability Details : CVE-2004-0872

Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."

Published 2004-09-16 04:00:00

Updated 2022-02-28 17:35:58

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2004-0872

Probability of exploitation activity in the next 30 days: 0.36%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 68 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2004-0872

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	[email protected]
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2004-0872

CWE-669 Incorrect Resource Transfer Between Spheres

The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.

Assigned by: [email protected] (Primary)

References for CVE-2004-0872

http://securitytracker.com/id?1011329

Broken Link;Third Party Advisory;VDB Entry
http://securityfocus.com/archive/1/375407

Broken Link;Third Party Advisory;VDB Entry;Vendor Advisory

CVEs referencing this url
http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt

Broken Link;Vendor Advisory

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/17417

Third Party Advisory;VDB Entry

CVEs referencing this url

Products affected by CVE-2004-0872

Opera » Opera Browser » Version: 7.51
cpe:2.3:a:opera:opera_browser:7.51:*:*:*:*:*:*:*
Matching versions