CVE-2007-5276Browser vulnerability

3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 49.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Opera Browser
Timeline
PublishedOct 8
Latest updateMay 1

Description

Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-vw2g-3hc3-gg3f: Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attack2022-05-01
CVEList
CVE-2007-5276: Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attack2007-10-08
CVE-2007-5276 — Opera Browser vulnerability | cvebase