mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
114 lines
5.6 KiB
JSON
114 lines
5.6 KiB
JSON
{
|
|
"id": "CVE-2009-3018",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2009-08-31T16:30:07.063",
|
|
"lastModified": "2024-11-21T01:06:19.177",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Maxthon Browser 3.0.0.145 Alpha with Ultramode does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header; does not properly block data: URIs in Location headers in HTTP responses, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (5) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (6) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header; and does not properly handle javascript: URIs in HTML links within (a) 301 and (b) 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (7) injecting a Location HTTP response header or (8) specifying the content of a Location HTTP response header."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Maxthon Browser versi\u00f3n 3.0.0.145 Alpha con Ultramode no bloquea apropiadamente los URI javascript: y data: en encabezados Refresh en respuestas HTTP, lo que permite a los atacantes remotos conducir ataques de tipo cross-site scripting (XSS) por medio de vectores relacionados a (1) inyectar un encabezado Refresh que contiene un URI javascript:, (2) ingresando un URI javascript: al especificar el contenido de un encabezado Refresh, (3) inyectando un encabezado Refresh que contiene secuencias de JavaScript en un URI data:text/html, o (4) ingresando un URI data:text/html con secuencias de JavaScript al especificar el contenido de un encabezado Refresh; no bloquea apropiadamente los URI data: en los encabezados Location en las respuestas HTTP, lo que permite a los atacantes remotos asistidos por el usuario conducir ataques de tipo cross-site scripting (XSS) por medio de vectores relacionados a (5) inyectar un encabezado Location que contiene secuencias de JavaScript en un URI data:text/html o (6) ingresando un URI data:text/html con secuencias de JavaScript al especificar el contenido de un encabezado Location; y no maneja apropiadamente los URI JavaScript: en enlaces HTML dentro de documentos de error (a) 301 y (b) 302 enviados desde los servidores web, lo que permite a los atacantes remotos asistidos por el usuario conducir ataques de tipo cross-site scripting (XSS) por medio de vectores relacionados a ( 7) inyectar un encabezado de respuesta HTTP Location o (8) especificar el contenido de un encabezado de respuesta HTTP Location."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
|
"baseScore": 4.3,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-79"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:maxthon:maxthon_browser:3.0.0.145:alpha:*:*:*:*:*:*",
|
|
"matchCriteriaId": "076D336E-B917-42B5-8038-82C7B0073E3B"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://websecurity.com.ua/3386/",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Exploit"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/archive/1/506163/100/0/threaded",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53001",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6524",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://websecurity.com.ua/3386/",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108",
|
|
"tags": [
|
|
"Exploit"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/archive/1/506163/100/0/threaded",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53001",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6524",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
}
|
|
]
|
|
} |