Vulnerability CVE-2002-2358 - CERT Civis.Net

Vulnerability Name:

CVE-2002-2358 (CCN-9757)

Assigned:

2002-08-06

Published:

2002-08-06

Updated:

2008-09-05

Summary:

Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL.

CVSS v3 Severity:

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: VulnWatch Mailing List, Tue Aug 06 2002 - 02:15:52 CDT
Mozilla FTP View Cross-Site Scripting Vulnerability

Source: CCN
Type: VulnWatch Mailing List, Tue Aug 06 2002 - 02:15:59 CDT
Opera FTP View Cross-Site Scripting Vulnerability

Source: VULNWATCH
Type: Exploit
20020806 Opera FTP View Cross-Site Scripting Vulnerability

Source: CCN
Type: Bugzilla Bug 154030
HTML directory indexer doesn't html-escape url

Source: MITRE
Type: CNA
CVE-2002-2358

Source: MITRE
Type: CNA
CVE-2002-2359

Source: BUGTRAQ
Type: UNKNOWN
20020806 Opera FTP View Cross-Site Scripting Vulnerability

Source: XF
Type: UNKNOWN
multiple-ftp-view-xss(9757)

Source: CCN
Type: Mozilla Web site
mozilla.org

Source: MISC
Type: UNKNOWN
http://www.opera.com/windows/changelogs/605/?session=b2a9ea38c710788c23970ba2c9a34d47

Source: CCN
Type: OSVDB ID: 59529
Opera FTP View URL Title Tag XSS

Source: CCN
Type: OSVDB ID: 59530
Mozilla FTP View URL Title Tag XSS

Source: BID
Type: Exploit, Patch
5401

Source: CCN
Type: BID-5401
Opera FTP View Cross-Site Scripting Vulnerability

Source: CCN
Type: BID-5403
Mozilla FTP View Cross-Site Scripting Vulnerability

Source: XF
Type: UNKNOWN
multiple-ftp-view-xss(9757)

Vulnerable Configuration:

Configuration 1:

cpe:/a:opera_software:opera_web_browser:6.0:*:*:*:*:*:*:*

OR cpe:/a:opera_software:opera_web_browser:6.0:*:win32:*:*:*:*:*

OR cpe:/a:opera_software:opera_web_browser:6.0.1:*:*:*:*:*:*:*

OR cpe:/a:opera_software:opera_web_browser:6.0.1:*:linux:*:*:*:*:*

OR cpe:/a:opera_software:opera_web_browser:6.0.1:*:win32:*:*:*:*:*

OR cpe:/a:opera_software:opera_web_browser:6.0.2:*:win32:*:*:*:*:*

OR cpe:/a:opera_software:opera_web_browser:6.0.3:*:win32:*:*:*:*:*

OR cpe:/a:opera_software:opera_web_browser:6.0.4:*:win32:*:*:*:*:*

Configuration CCN 1:

cpe:/a:mozilla:mozilla:1.0:*:*:*:*:*:*:*

OR cpe:/a:opera:opera_browser:6.03:*:*:*:*:*:*:*

OR cpe:/a:opera:opera_browser:6.04:*:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*

Denotes that component is vulnerable