First published: Tue Mar 16 2004(Updated: )
Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Opera Opera Browser | =5.0 | |
Opera Opera Browser | =5.02 | |
Opera Opera Browser | =5.10 | |
Opera Opera Browser | =5.11 | |
Opera Opera Browser | =5.12 | |
Opera Opera Browser | =6.0 | |
Opera Opera Browser | =6.01 | |
Opera Opera Browser | =6.02 | |
Opera Opera Browser | =6.03 | |
Opera Opera Browser | =6.04 | |
Opera Opera Browser | =6.05 | |
Opera Opera Browser | =6.06 | |
Opera Opera Browser | =6.10 | |
Opera Opera Browser | =7.0 | |
Opera Opera Browser | =7.0-beta1 | |
Opera Opera Browser | =7.0-beta2 | |
Opera Opera Browser | =7.01 | |
Opera Opera Browser | =7.02 | |
Opera Opera Browser | =7.03 | |
Opera Opera Browser | =7.10 | |
Opera Opera Browser | =7.11 | |
Opera Opera Browser | =7.20 | |
Opera Opera Browser | =7.21 | |
Opera Opera Browser | =7.22 | |
Opera Opera Browser | =7.23 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.