CVE-2007-5276
Severity Score
4.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80.
Opera 9 descarta asignaciones DNS fijas basándose en conexiones fallidas a puertos TCP irrelevantes, lo cual facilita a atacantes remotos llevar a cabo ataques de revinculación DNS, como se ha demostrado mediante un URL con puerto 81 en un SRC de IMG, cuando la asignación DNS ha sido establecida para una sesión en el puerto 80.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-10-08 CVE Reserved
- 2007-10-08 CVE Published
- 2024-07-04 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://crypto.stanford.edu/dns/dns-rebinding.pdf | Technical Description | |
| http://osvdb.org/45526 | Broken Link |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Opera Search vendor "Opera" | Opera Browser Search vendor "Opera" for product "Opera Browser" | 9.0 Search vendor "Opera" for product "Opera Browser" and version "9.0" | - |
Affected
| ||||||