Skip to main content

Incorrect Resource Transfer Between Spheres

CVE-2004-0872

Severity Medium
Score 5/10

Summary

Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."

  • LOW
  • NETWORK
  • NONE
  • NONE
  • PARTIAL
  • NONE

CWE-669 - Incorrect Resource Transfer Between Spheres

The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.

References

Advisory Timeline

  • Published