CVE-2004-0872
published 2004-09-16CVE-2004-0872: Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which…
PriorityP416medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
2.73%
84.3th percentile
Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opera | opera_browser | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://securityfocus.com/archive/1/375407http://securitytracker.com/id?1011329http://www.westpoint.ltd.uk/advisories/wp-04-0001.txthttps://exchange.xforce.ibmcloud.com/vulnerabilities/17417http://securityfocus.com/archive/1/375407http://securitytracker.com/id?1011329http://www.westpoint.ltd.uk/advisories/wp-04-0001.txthttps://exchange.xforce.ibmcloud.com/vulnerabilities/17417
2004-09-16
Published