CVE-2007-5276

{"id": "CVE-2007-5276", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-10-08T23:17:00.000", "references": [{"url": "http://crypto.stanford.edu/dns/dns-rebinding.pdf", "tags": ["Technical Description", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/45526", "tags": ["Broken Link"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Opera 9 drops DNS pins based on failed connections to irrelevant TCP ports, which makes it easier for remote attackers to conduct DNS rebinding attacks, as demonstrated by a port 81 URL in an IMG SRC, when the DNS pin had been established for a session on port 80."}, {"lang": "es", "value": "Opera 9 descarta asignaciones DNS fijas bas\u00e1ndose en conexiones fallidas a puertos TCP irrelevantes, lo cual facilita a atacantes remotos llevar a cabo ataques de revinculaci\u00f3n DNS, como se ha demostrado mediante un URL con puerto 81 en un SRC de IMG, cuando la asignaci\u00f3n DNS ha sido establecida para una sesi\u00f3n en el puerto 80."}], "lastModified": "2022-03-01T14:56:15.323", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opera:opera_browser:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEA17D3F-A17B-47A6-8066-583F63D11468"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}