CVE-2002-0783
CVSS7.5
发布时间 :2002-08-12 00:00:00
修订时间 :2008-09-05 16:28:56
NMCOES    

[原文]Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL.


[CNNVD]Opera帧Location属性同源策略欺骗漏洞(CNNVD-200208-097)

        
        Opera是一款由Opera Software开发和维护的WEB浏览器产品,可使用在Linux和Unix操作系统下,也可使用在Microsoft Windows操作系统下。
        Opera在处理浏览器同源策略时存在漏洞,可导致远程攻击者在用户浏览器不同的帧中执行脚本代码。
        Opera允许Javascript修改包含在文档中IFRAME或者FRAME的Location属性,如果一IFRAME或者FRAME的Location设置为JavaScript: URL形式,Javascript代码会以URL所处的相同域中执行,导致远程攻击者可以读取其他域中的Cookie信息、本地文件结构、链接历史等缓冲中的敏感信息。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:opera_software:opera_web_browser:6.0.1::win32
cpe:/a:opera_software:opera_web_browser:5.12
cpe:/a:opera_software:opera_web_browser:6.0::win32
cpe:/a:opera_software:opera_web_browser:6.0
cpe:/a:opera_software:opera_web_browser:6.0.1
cpe:/a:opera_software:opera_web_browser:5.12::win32

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0783
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0783
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200208-097
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/4745
(VENDOR_ADVISORY)  BID  4745
http://www.iss.net/security_center/static/9096.php
(VENDOR_ADVISORY)  XF  opera-sameoriginpolicy-bypass(9096)
http://archives.neohapsis.com/archives/bugtraq/2002-05/0117.html
(VENDOR_ADVISORY)  BUGTRAQ  20020515 Opera javascript protocoll vulnerability [Sandblad advisory #6]

- 漏洞信息

Opera帧Location属性同源策略欺骗漏洞
高危 访问验证错误
2002-08-12 00:00:00 2005-10-20 00:00:00
远程  
        
        Opera是一款由Opera Software开发和维护的WEB浏览器产品,可使用在Linux和Unix操作系统下,也可使用在Microsoft Windows操作系统下。
        Opera在处理浏览器同源策略时存在漏洞,可导致远程攻击者在用户浏览器不同的帧中执行脚本代码。
        Opera允许Javascript修改包含在文档中IFRAME或者FRAME的Location属性,如果一IFRAME或者FRAME的Location设置为JavaScript: URL形式,Javascript代码会以URL所处的相同域中执行,导致远程攻击者可以读取其他域中的Cookie信息、本地文件结构、链接历史等缓冲中的敏感信息。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 设置浏览器,关闭javascript功能。
        厂商补丁:
        Opera Software
        --------------
        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        Opera Software Upgrade ow32enen602j.exe
        ftp://opera.docuweb.ca/pub/opera/win/602/en/ow32enen602j.exe
        Opera Software Upgrade ow32enen602.exe
        ftp://opera.docuweb.ca/pub/opera/win/602/en/ow32enen602.exe

- 漏洞信息 (21451)

Opera 5.12/6.0 Frame Location Same Origin Policy Circumvention Vulnerability (EDBID:21451)
windows remote
2002-05-15 Verified
0 Andreas Sandblad
N/A [点击下载]
source: http://www.securityfocus.com/bid/4745/info

Opera is a web browser product created by Opera Software, and is available for a range of operating systems including Windows and Linux. A vulnerability has been reported in some versions of the Opera Browser.

It is possible to bypass the same origin policy in some versions of the Opera Browser. Javascript may modify the location property of an IFRAME or FRAME included in the document. If the location is set to a javascript: URL, the script code will execute within the context of the previous frame site.

<iframe name=foo src="www.sensitive.com"></iframe>
<script>foo.location="javascript:alert(document.cookie)";</script> 		

- 漏洞信息

6271
Opera Frame Location Origin Policy Bypass
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- 漏洞描述

- 时间线

2002-05-15 Unknow
2002-05-15 Unknow

- 解决方案

Products

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Opera Frame Location Same Origin Policy Circumvention Vulnerability
Access Validation Error 4745
Yes No
2002-05-15 12:00:00 2009-07-11 12:46:00
Discovered by Andreas Sandblad <sandblad@acc.umu.se>.

- 受影响的程序版本

Opera Software Opera Web Browser 6.0.1 win32
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
- Microsoft Windows XP Professional
Opera Software Opera Web Browser 6.0.1
Opera Software Opera Web Browser 6.0 win32
Opera Software Opera Web Browser 6.0
Opera Software Opera Web Browser 5.12 win32
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 95
- Microsoft Windows 98 SP1
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Opera Software Opera Web Browser 5.12
Opera Software Opera Web Browser 6.0.2 win32

- 不受影响的程序版本

Opera Software Opera Web Browser 6.0.2 win32

- 漏洞讨论

Opera is a web browser product created by Opera Software, and is available for a range of operating systems including Windows and Linux. A vulnerability has been reported in some versions of the Opera Browser.

It is possible to bypass the same origin policy in some versions of the Opera Browser. Javascript may modify the location property of an IFRAME or FRAME included in the document. If the location is set to a javascript: URL, the script code will execute within the context of the previous frame site.

- 漏洞利用

Exploit details are available in the bugtraq post by Andreas Sandblad &lt;sandblad@acc.umu.se&gt;, available within the references section. In general, exploits will take the following form:

&lt;iframe name=foo src="www.sensitive.com"&gt;&lt;/iframe&gt;
&lt;script&gt;foo.location="javascript:alert(document.cookie)";&lt;/script&gt;

- 解决方案

This issue is resolved in Opera 6.02 for Windows. Update information for other platforms is not currently available.


Opera Software Opera Web Browser 5.12 win32

Opera Software Opera Web Browser 6.0 win32

Opera Software Opera Web Browser 6.0.1 win32

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站