Vulnerability Details

ID: CVE-2003-0593

Last Modified: March 1, 2022

Open in new window

Description

Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.

CVSS V2

Access Vector: Network

Access Complexity: Low

Authentication: None

Confidentiality Impact: Partial

Integrity Impact: Partial

Availability Impact: Partial

Base Score: 7.5

Exploitability Score: 10.0

Impact Score: 6.4

CVSS V2: AV:N/AC:L/Au:N/C:P/I:P/A:P

Specialize CVSS-Score

CWE-ID

CWE-22

Configuration

Condition		Configuration
OR
OR
	cpe:2.3:a:opera:opera_browser:7.01:::::::* Part: a Product: opera_browser Vendor: opera Version: 7.01	Alle Schwachstellen für opera
	cpe:2.3:a:opera:opera_browser:7.23:::::::* Part: a Product: opera_browser Vendor: opera Version: 7.23	Alle Schwachstellen für opera
	cpe:2.3:a:opera:opera_browser:7.03:::::::* Part: a Product: opera_browser Vendor: opera Version: 7.03	Alle Schwachstellen für opera
	cpe:2.3:a:opera:opera_browser:5.11:::::::* Part: a Product: opera_browser Vendor: opera Version: 5.11	Alle Schwachstellen für opera
	cpe:2.3:a:opera:opera_browser:7.20:::::::* Part: a Product: opera_browser Vendor: opera Version: 7.20	Alle Schwachstellen für opera
	cpe:2.3:a:opera:opera_browser:6.02:::::::* Part: a Product: opera_browser Vendor: opera Version: 6.02	Alle Schwachstellen für opera
	cpe:2.3:a:opera:opera_browser:5.02:::::::* Part: a Product: opera_browser Vendor: opera Version: 5.02	Alle Schwachstellen für opera
	cpe:2.3:a:opera:opera_browser:5.10:::::::* Part: a Product: opera_browser Vendor: opera Version: 5.10	Alle Schwachstellen für opera
	cpe:2.3:a:opera:opera_browser:6.04:::::::* Part: a Product: opera_browser Vendor: opera Version: 6.04	Alle Schwachstellen für opera
	cpe:2.3:a:opera:opera_browser:5.0:::::::* Part: a Product: opera_browser Vendor: opera Version: 5.0	Alle Schwachstellen für opera
	cpe:2.3:a:opera:opera_browser:5.12:::::::* Part: a Product: opera_browser Vendor: opera Version: 5.12	Alle Schwachstellen für opera
	cpe:2.3:a:opera:opera_browser:6.0:::::::* Part: a Product: opera_browser Vendor: opera Version: 6.0	Alle Schwachstellen für opera
	cpe:2.3:a:opera:opera_browser:6.01:::::::* Part: a Product: opera_browser Vendor: opera Version: 6.01	Alle Schwachstellen für opera
	cpe:2.3:a:opera:opera_browser:6.03:::::::* Part: a Product: opera_browser Vendor: opera Version: 6.03	Alle Schwachstellen für opera
	cpe:2.3:a:opera:opera_browser:6.05:::::::* Part: a Product: opera_browser Vendor: opera Version: 6.05	Alle Schwachstellen für opera
	cpe:2.3:a:opera:opera_browser:6.06:::::::* Part: a Product: opera_browser Vendor: opera Version: 6.06	Alle Schwachstellen für opera
	cpe:2.3:a:opera:opera_browser:6.10:::::::* Part: a Product: opera_browser Vendor: opera Version: 6.10	Alle Schwachstellen für opera
	cpe:2.3:a:opera:opera_browser:7.0:::::::* Part: a Product: opera_browser Vendor: opera Version: 7.0	Alle Schwachstellen für opera
	cpe:2.3:a:opera:opera_browser:7.0:beta1:::::: Part: a Product: opera_browser Update: beta1 Vendor: opera Version: 7.0	Alle Schwachstellen für opera
	cpe:2.3:a:opera:opera_browser:7.0:beta2:::::: Part: a Product: opera_browser Update: beta2 Vendor: opera Version: 7.0	Alle Schwachstellen für opera
	cpe:2.3:a:opera:opera_browser:7.02:::::::* Part: a Product: opera_browser Vendor: opera Version: 7.02	Alle Schwachstellen für opera
	cpe:2.3:a:opera:opera_browser:7.10:::::::* Part: a Product: opera_browser Vendor: opera Version: 7.10	Alle Schwachstellen für opera
	cpe:2.3:a:opera:opera_browser:7.11:::::::* Part: a Product: opera_browser Vendor: opera Version: 7.11	Alle Schwachstellen für opera
	cpe:2.3:a:opera:opera_browser:7.21:::::::* Part: a Product: opera_browser Vendor: opera Version: 7.21	Alle Schwachstellen für opera
	cpe:2.3:a:opera:opera_browser:7.22:::::::* Part: a Product: opera_browser Vendor: opera Version: 7.22	Alle Schwachstellen für opera

Pre-Condition

                    <?xml version="1.0" ?>
<set operator="and">
    <set operator="or">
        <prop key="application" value="cpe:2.3:a:opera:opera_browser:7.01:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:opera:opera_browser:7.23:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:opera:opera_browser:7.03:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:opera:opera_browser:5.11:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:opera:opera_browser:7.20:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:opera:opera_browser:6.02:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:opera:opera_browser:5.02:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:opera:opera_browser:5.10:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:opera:opera_browser:6.04:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:opera:opera_browser:5.0:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:opera:opera_browser:5.12:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:opera:opera_browser:6.0:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:opera:opera_browser:6.01:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:opera:opera_browser:6.03:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:opera:opera_browser:6.05:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:opera:opera_browser:6.06:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:opera:opera_browser:6.10:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:opera:opera_browser:7.0:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:opera:opera_browser:7.0:beta1:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:opera:opera_browser:7.0:beta2:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:opera:opera_browser:7.02:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:opera:opera_browser:7.10:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:opera:opera_browser:7.11:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:opera:opera_browser:7.21:*:*:*:*:*:*:*"/>
        <prop key="application" value="cpe:2.3:a:opera:opera_browser:7.22:*:*:*:*:*:*:*"/>
    </set>
    <prop key="program_influence" value="input"/>
    <prop key="range" value="remote"/>
</set>

Post-Condition

                      <?xml version="1.0" ?>
<set operator="and">
    <prop key="target" value="host"/>
    <set operator="or">
        <prop key="program_influence" value="input"/>
        <prop key="program_influence" value="output"/>
        <prop key="program_influence" value="existence"/>
    </set>
    <prop key="data" value="any"/>
    <set operator="or">
        <prop key="data_influence" value="read"/>
        <prop key="data_influence" value="write"/>
        <prop key="data_influence" value="delete"/>
    </set>
    <set operator="or">
        <prop key="range" value="remote"/>
        <prop key="range" value="local"/>
    </set>
</set>