CVE-2003-0593

Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html	Broken Link Exploit Vendor Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html	Not Applicable

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:opera:opera_browser:5.0:::::::*
	cpe:2.3:a:opera:opera_browser:5.02:::::::*
	cpe:2.3:a:opera:opera_browser:5.10:::::::*
	cpe:2.3:a:opera:opera_browser:5.11:::::::*
	cpe:2.3:a:opera:opera_browser:5.12:::::::*
	cpe:2.3:a:opera:opera_browser:6.0:::::::*
	cpe:2.3:a:opera:opera_browser:6.01:::::::*
	cpe:2.3:a:opera:opera_browser:6.02:::::::*
	cpe:2.3:a:opera:opera_browser:6.03:::::::*
	cpe:2.3:a:opera:opera_browser:6.04:::::::*
	cpe:2.3:a:opera:opera_browser:6.05:::::::*
	cpe:2.3:a:opera:opera_browser:6.06:::::::*
	cpe:2.3:a:opera:opera_browser:6.10:::::::*
	cpe:2.3:a:opera:opera_browser:7.0:::::::*
	cpe:2.3:a:opera:opera_browser:7.0:beta1::::::
	cpe:2.3:a:opera:opera_browser:7.0:beta2::::::
	cpe:2.3:a:opera:opera_browser:7.01:::::::*
	cpe:2.3:a:opera:opera_browser:7.02:::::::*
	cpe:2.3:a:opera:opera_browser:7.03:::::::*
	cpe:2.3:a:opera:opera_browser:7.10:::::::*
	cpe:2.3:a:opera:opera_browser:7.11:::::::*
	cpe:2.3:a:opera:opera_browser:7.20:::::::*
	cpe:2.3:a:opera:opera_browser:7.21:::::::*
	cpe:2.3:a:opera:opera_browser:7.22:::::::*
	cpe:2.3:a:opera:opera_browser:7.23:::::::*

History

01 Mar 2022, 20:13

Type	Values Removed	Values Added
First Time		Opera Opera opera Browser
CWE	~~NVD-CWE-Other~~	CWE-22
CPE	cpe:2.3:a:opera_software:opera_web_browser:6.0.2::win32::::: cpe:2.3:a:opera_software:opera_web_browser:7.0::win32::::: cpe:2.3:a:opera_software:opera_web_browser:5.12::win32::::: cpe:2.3:a:opera_software:opera_web_browser:7.11:::::::* cpe:2.3:a:opera_software:opera_web_browser:7.11j:::::::* cpe:2.3:a:opera_software:opera_web_browser:7.0_beta2::win32::::: cpe:2.3:a:opera_software:opera_web_browser:6.0.3::win32::::: cpe:2.3:a:opera_software:opera_web_browser:5.0::mac::::: cpe:2.3:a:opera_software:opera_web_browser:7.23:::::::* cpe:2.3:a:opera_software:opera_web_browser:6.0.1::win32::::: cpe:2.3:a:opera_software:opera_web_browser:7.0.1::win32::::: cpe:2.3:a:opera_software:opera_web_browser:6.0.6::win32::::: cpe:2.3:a:opera_software:opera_web_browser:6.0.1:::::::* cpe:2.3:a:opera_software:opera_web_browser:7.22:::::::* cpe:2.3:a:opera_software:opera_web_browser:7.20_beta1_build2981:::::::* cpe:2.3:a:opera_software:opera_web_browser:5.12:::::::* cpe:2.3:a:opera_software:opera_web_browser:7.0.3::win32::::: cpe:2.3:a:opera_software:opera_web_browser:6.0.6:::::::* cpe:2.3:a:opera_software:opera_web_browser:6.0.2::linux::::: cpe:2.3:a:opera_software:opera_web_browser:7.21:::::::* cpe:2.3:a:opera_software:opera_web_browser:7.10:::::::* cpe:2.3:a:opera_software:opera_web_browser:6.0:::::::* cpe:2.3:a:opera_software:opera_web_browser:7.0_beta1::win32::::: cpe:2.3:a:opera_software:opera_web_browser:7.20:::::::* cpe:2.3:a:opera_software:opera_web_browser:6.10::linux::::: cpe:2.3:a:opera_software:opera_web_browser:5.1.0::win32::::: cpe:2.3:a:opera_software:opera_web_browser:6.0.5::win32::::: cpe:2.3:a:opera_software:opera_web_browser:6.0.4::win32::::: cpe:2.3:a:opera_software:opera_web_browser:6.0.1::linux::::: cpe:2.3:a:opera_software:opera_web_browser:5.0::linux::::: cpe:2.3:a:opera_software:opera_web_browser:6.0::win32::::: cpe:2.3:a:opera_software:opera_web_browser:7.0.2::win32::::: cpe:2.3:a:opera_software:opera_web_browser:7.11b:::::::* cpe:2.3:a:opera_software:opera_web_browser:6.0.3::linux::::: cpe:2.3:a:opera_software:opera_web_browser:5.0.2::win32::::: cpe:2.3:a:opera_software:opera_web_browser:5.1.1::win32:::::	cpe:2.3:a:opera:opera_browser:6.01:::::::* cpe:2.3:a:opera:opera_browser:6.02:::::::* cpe:2.3:a:opera:opera_browser:7.01:::::::* cpe:2.3:a:opera:opera_browser:5.11:::::::* cpe:2.3:a:opera:opera_browser:7.20:::::::* cpe:2.3:a:opera:opera_browser:5.10:::::::* cpe:2.3:a:opera:opera_browser:7.23:::::::* cpe:2.3:a:opera:opera_browser:7.10:::::::* cpe:2.3:a:opera:opera_browser:7.03:::::::* cpe:2.3:a:opera:opera_browser:7.02:::::::* cpe:2.3:a:opera:opera_browser:7.0:::::::* cpe:2.3:a:opera:opera_browser:7.0:beta2:::::: cpe:2.3:a:opera:opera_browser:6.05:::::::* cpe:2.3:a:opera:opera_browser:6.10:::::::* cpe:2.3:a:opera:opera_browser:6.0:::::::* cpe:2.3:a:opera:opera_browser:7.11:::::::* cpe:2.3:a:opera:opera_browser:6.06:::::::* cpe:2.3:a:opera:opera_browser:6.04:::::::* cpe:2.3:a:opera:opera_browser:5.0:::::::* cpe:2.3:a:opera:opera_browser:5.02:::::::* cpe:2.3:a:opera:opera_browser:5.12:::::::* cpe:2.3:a:opera:opera_browser:7.0:beta1:::::: cpe:2.3:a:opera:opera_browser:7.22:::::::* cpe:2.3:a:opera:opera_browser:6.03:::::::* cpe:2.3:a:opera:opera_browser:7.21:::::::*
References	~~(FULLDISC) http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html -~~	(FULLDISC) http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html - Not Applicable
References	~~(VULNWATCH) http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html - Exploit, Vendor Advisory~~	(VULNWATCH) http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html - Broken Link, Exploit, Vendor Advisory

Information

Published : 2004-04-15 04:00

Updated : 2023-12-10 10:17

NVD link : CVE-2003-0593

Mitre link : CVE-2003-0593

CVE.ORG link : CVE-2003-0593

JSON object : View

Products Affected

opera

opera_browser

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

7.5 /10