[Japanese]

JVNDB-2005-000799

Problem with referer header handling on mobile phone web browsers

Overview

We have confirmed that web browser products from Openwave Systems Inc. used for the Internet connection service for mobile phones have a problem in its function of sending referer information under certain circumstances.

This problem has been reported for KDDI's au mobile phones. KDDI, regarding this problem as a defect which leads to behaviors inconsistent with the specification of RFC2616, provides countermeasure information. JVN has publicized this issue in coordination with vendors to make it known to users.
CVSS Severity (What is CVSS?)

Base Metrics: 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None

Affected Products


KDDI
  • EZweb Browser (For more information, refer to the vendors' websites.)

Impact

Referer information may be unintendedly sent to a server under certain operating conditions.
Solution

Vendor Information

KDDI
CWE (What is CWE?)

CVE (What is CVE?)

References

  1. JVN : JVN#15243167
Revision History

[2008/05/21]
  Web page published

Date Public2005/12/09
Date First Published2008/05/21
Date Last Updated2008/05/21