Vulnerabilities > CVE-2004-0872 - Incorrect Resource Transfer Between Spheres vulnerability in Opera Browser 7.51

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

opera

CWE-669

NVD

Published: 2004-09-16

Updated: 2022-02-28

Summary

Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."

Vulnerable Configurations

Part	Description	Count
Application	Opera Opera Opera Browser 7.51	1

Common Weakness Enumeration (CWE)

CWE-669 - Incorrect Resource Transfer Between Spheres

References

http://securityfocus.com/archive/1/375407
http://www.westpoint.ltd.uk/advisories/wp-04-0001.txt
http://securitytracker.com/id?1011329
https://exchange.xforce.ibmcloud.com/vulnerabilities/17417