{"vuid":"VU#612949","idnumber":"612949","name":"XMLHttpRequest Object security bypass in Opera Web Browser","keywords":["Opera","information disclosure","XMLHttpRequest","properly validate","server side redirects"],"overview":"The Opera Web Browser fails to properly enforce the same-domain restriction on the XMLHttpRequest Object when a request is redirected server-side to another domain. This may allow a remote, unauthenticated attacker to read content from, and perform actions on, web sites in a different domain.","clean_desc":"The XMLHttpRequest Object is a scripting object that provides routines to make HTTP requests without needing to reload a webpage. This functionality can be used to include information from other pages. For security reasons, this functionality is restricted to only allow requests to be made within the same domain as the page that issued them. However, the Opera Web Browser fails to enforce this restriction when the server responds with a redirect: a request to a resource in the page's own domain that is redirected server-side to another domain is followed without re-applying the same-domain check, allowing the XMLHttpRequest Object to access resources from other domains.","impact":"A remote, unauthenticated attacker may be able to access content and perform actions on web sites from a different domain. Attackers can leverage this vulnerability to launch social engineering attacks, such as phishing, in order to trick users into divulging personal information including, but not limited to, financial and medical data.","resolution":"Upgrade\nThis issue was corrected in Opera 8.01.","workarounds":"Disable Scripting and Java\nAt a minimum, disable scripting, such as JavaScript and Java, within the Opera web browser.","sysaffected":"","thanks":"This vulnerability was reported in a Secunia Research Advisory.\nThe advisory credits Jakob Balle, Secunia Research, with discovering this vulnerability.","author":"This document was written by Jeff Gennari.","public":["http://secunia.com/secunia_research/2005-4/advisory/","http://secunia.com/advisories/15008/"],"cveids":["CVE-2005-1475"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-06-16T15:48:01Z","publicdate":"2005-06-16T00:00:00Z","datefirstpublished":"2005-06-28T19:09:05Z","dateupdated":"2005-07-06T14:53:28Z","revision":27,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"11","cam_impact":"13","cam_easeofexploitation":"12","cam_attackeraccessrequired":"10","cam_scorecurrent":"5.7915","cam_scorecurrentwidelyknown":"7.40025","cam_scorecurrentwidelyknownexploited":"13.83525","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":5.7915,"vulnote":null}
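The same-domain restriction on XMLHttpRequest and the server-side-redirect failure mode described in this note, as an added JavaScript example. It is not code from the CERT note, from Secunia, or from Opera: the browser's origin check and the redirecting servers are modelled in plain Node.js with no network access, and the host names (app.example, bank.example, evil.example) and redirect targets are constructed for illustration. The `checkEachHop` flag contrasts an implementation that compares only the initial request URL against the page origin with one that re-applies the check to every redirect target.

```javascript
// Added example: models the same-origin restriction on XMLHttpRequest and the
// server-side-redirect failure mode described in VU#612949. It is not code from
// the CERT note or from Opera; hosts and redirect targets are constructed.

// The origin of a URL is its scheme, host and port. WHATWG URL parsing already
// drops a default port, so https://app.example:443/ and https://app.example/
// compare as the same origin.
function originOf(urlString) {
  const u = new URL(urlString);
  return `${u.protocol}//${u.host}`;
}

function isSameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Constructed stand-in for server behaviour: a URL that appears here answers
// with a redirect (HTTP 30x) to the mapped location; any other URL returns
// content directly.
const REDIRECTS = {
  "https://app.example/api/profile": "https://bank.example/account/summary",
  "https://app.example/api/hop1": "https://app.example/api/hop2",
  "https://app.example/api/hop2": "https://evil.example/collect",
};

const MAX_REDIRECTS = 10;

// Simulates an XMLHttpRequest issued by a script running in pageUrl.
// checkEachHop=false reproduces the flawed behaviour: only the initial URL is
// compared against the page origin, so a same-origin URL that redirects
// elsewhere lets the script read a cross-origin response.
// checkEachHop=true re-applies the origin check to every redirect target,
// which is what a correct implementation must do.
function xhrRequest(pageUrl, requestUrl, { checkEachHop }) {
  const chain = [requestUrl];
  if (!isSameOrigin(pageUrl, requestUrl)) {
    return { allowed: false, chain, reason: "initial request is cross-origin" };
  }
  let current = requestUrl;
  for (let hops = 0; hops < MAX_REDIRECTS; hops++) {
    const next = REDIRECTS[current];
    if (next === undefined) {
      // No further redirect: this is the response the script gets to read.
      return { allowed: true, chain, finalUrl: current };
    }
    chain.push(next);
    if (checkEachHop && !isSameOrigin(pageUrl, next)) {
      return { allowed: false, chain, reason: `redirect to ${next} is cross-origin` };
    }
    current = next;
  }
  return { allowed: false, chain, reason: "too many redirects" };
}

const PAGE = "https://app.example/index.html";
const vulnerable = xhrRequest(PAGE, "https://app.example/api/profile", { checkEachHop: false });
const fixed = xhrRequest(PAGE, "https://app.example/api/profile", { checkEachHop: true });
console.log("initial-check-only:", vulnerable);
console.log("check-every-hop:  ", fixed);
```

With the initial-only check, a request to the page's own domain that is redirected to bank.example is followed and its response is readable by the attacker's script; with the per-hop check the request is refused at the first cross-origin redirect. The multi-hop chain (hop1 to hop2 to evil.example) shows why the check has to run on every Location header, not just the first.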