CVE-2008-3172

EUVD-2008-3162
Opera allows web sites to set cookies for country-specific top-level domains that have DNS A records, such as co.tv, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session, aka "Cross-Site Cooking."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
Affected Products (NVD)
VendorProductVersion
operaopera
*
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
opera
dapper
dne
feisty
ignored
gutsy
dne
hardy
dne
intrepid
dne
Common Weakness Enumeration
References
http://crisp.tweakblogs.net/blog/ie-and-2-letter-domain-names.html
http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html
http://o.bulport.com/index.php?item=55
https://bugzilla.mozilla.org/show_bug.cgi?id=252342
https://exchange.xforce.ibmcloud.com/vulnerabilities/43951
http://crisp.tweakblogs.net/blog/ie-and-2-letter-domain-names.html
http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html
http://o.bulport.com/index.php?item=55
https://bugzilla.mozilla.org/show_bug.cgi?id=252342
https://exchange.xforce.ibmcloud.com/vulnerabilities/43951