Upstream information
Description
Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having critical severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 5 |
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | None |
| Availability Impact | None |
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 13:34:05 2013CVE page last modified: Fri Oct 7 12:46:31 2022