JVNDB-2005-000530
|
Vulnerability in multiple web browsers allowing request spoofing attacks
|
Multiple web browsers contain a vulnerability in the processing of XmlHttpRequest objects. XmlHttpRequest objects, available in JavaScript, let a web page communicate with a server without reloading the page.
In general, JavaScript is only allowed to communicate with the same domain as the web page; however, an attacker could bypass this restriction by exploiting this vulnerability.
|
CVSS V2 Severity: Base Metrics 5.0 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
mozilla.org contributors
- Mozilla Firefox 1.0.6 and earlier
- Mozilla Suite 1.7.11 and earlier
Opera Software ASA
Turbolinux, Inc.
- Turbolinux 10_f
- Turbolinux Desktop 10
- Turbolinux Multimedia
- Turbolinux Personal
- Turbolinux Server 10
- Turbolinux Home
MIRACLE LINUX CORPORATION
- Asianux Server 2.0 Standard Edition
- Asianux Server 2.1 Standard Edition
- Asianux Server 3.0
- Asianux Server 3.0 (x86-64)
- Asianux Server 4.0
- Asianux Server 4.0 (x86-64)
Red Hat, Inc.
- Red Hat Enterprise Linux 2.1 (as)
- Red Hat Enterprise Linux 3 (as)
- Red Hat Enterprise Linux 4 (as)
- Red Hat Enterprise Linux 2.1 (es)
- Red Hat Enterprise Linux 3 (es)
- Red Hat Enterprise Linux 4 (es)
- Red Hat Enterprise Linux 2.1 (ws)
- Red Hat Enterprise Linux 3 (ws)
- Red Hat Enterprise Linux 4 (ws)
- Red Hat Enterprise Linux Desktop 3.0
- Red Hat Enterprise Linux Desktop 4.0
- Red Hat Linux Advanced Workstation 2.1
|
Authentication information or cookie information could be leaked.
|
mozilla.org contributors
Opera Software ASA
- Opera knowledge base : 810
Turbolinux, Inc.
MIRACLE LINUX CORPORATION
Red Hat, Inc.
|
- Code Injection (CWE-94) [NVD Evaluation]
|
- CVE-2005-2703
|
- JVN : JVN#31226748
- National Vulnerability Database (NVD) : CVE-2005-2703
- Secunia Advisory : SA16911
- SecurityFocus : 14923
- FrSIRT Advisories : FrSIRT/ADV-2005-1824
|
- [2008/05/21]
Web page published
|