CVE-2001-0898 - Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and li

CVE-2001-0898

Summary

Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to (1) access data after a new window to the domain has been opened or (2) access data via about:cache.

References

http://marc.info/?l=bugtraq&m=100586079932284&w=2
http://marc.info/?l=bugtraq&m=100588139312696&w=2
http://www.iss.net/security_center/static/7567.php
http://www.securityfocus.com/bid/3553

Vulnerable Configurations

cpe:2.3:a:opera_software:opera_web_browser:*:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:*:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 18-10-2016 - 02:12)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	3553
bugtraq	20011115 Several javascript vulnerabilities in Opera 20011116 Re: Several javascript vulnerabilities in Opera
xf	opera-java-cross-site(7567)

Last major update

18-10-2016 - 02:12

Published

15-11-2001 - 05:00

Last modified

18-10-2016 - 02:12