[Dshield] Browser vulnerability: Opera Cookie Path Restrictions Can Be Bypassed By Remote Servers

Peter Stendahl-Juvonen peter.stendahl-juvonen at welho.com
Fri Mar 12 11:35:12 GMT 2004


FYI-

Opera Cookie Path Restrictions Can Be Bypassed By Remote Servers

Description:  A vulnerability was reported in Opera in the processing of
cookies. A remote user may be able to bypass the path restrictions
specified by a cookie's originator. Several other browsers are also
affected.

http://www.securitytracker.com/alerts/2004/Mar/1009365.html

The affected vendors were reportedly notified between July 12 and July
18, 2003.

Impact:  A remote server application can obtain cookies from the target
user's browser for the same domain but regardless of the path
restrictions.

Solution:  Opera issued a fixed version (7.21 and later), available at:

http://www.opera.com/download/

Underlying OS:  BeOS, Linux (Any), MacOS, QNX, UNIX (FreeBSD), UNIX
(Solaris - SunOS), Windows (Any)


- Pete


           "Success is the ability to go from one failure 
               to another with no loss of enthusiasm."
       Sir Winston Churchill (1874 - 1965); British politician.




