JVNDB-2006-000603

[Japanese]
JVNDB-2006-000603
Hatena Toolbar sends URL information unecnrypted
Overview
Hatena Toolbar improperly sends URL information to the Hatena server without being encrypted when a user views a web page secured by SSL.
CVSS Severity (What is CVSS?)
CVSS V2 Severity: Base Metrics 2.6 (Low) [IPA Score] Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
Affected Products

Hatena Hatena Toolbar sends URL information unecnrypted

Impact
When a user of Hatena Toolbar views a SSL secured web page, an attacker could obtain the information contained in the URL such as a session ID which needs to be protected. As a result, an attacker could possibly conduct session hijacking.
Solution

Vendor Information
Hatena Hatena Diary : 20060127/1138344466 (Japanese) Hatena Diary : 20060203/1138936923 (Japanese) Hatena Toolbar : v1.5.5 (Japanese) Hatenabar : v0.4.4 (Japanese)
CWE (What is CWE?)

CVE (What is CVE?)

References
JVN : JVN#77886599
Revision History
[2008/05/21] Web page published

Hatena Toolbar sends URL information unecnrypted