Vulnerability Name:

CVE-2003-1561 (CCN-14087)

Assigned:2003-12-23
Published:2003-12-23
Updated:2009-01-29
Summary:Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.5 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-200
CWE-noinfo
Vulnerability Consequences:Obtain Information
References:Source: CCN
Type: BugTraq Mailing List, Wed Dec 24 2003 - 10:16:09 CST
IE 5.22 on Mac Transmitting HTTP Referer from Secure Page

Source: CCN
Type: BugTraq Mailing List, Tue Dec 30 2003 - 15:50:27 CST
RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page

Source: CCN
Type: Netscape Web site
The Netscape Archive

Source: MITRE
Type: CNA
CVE-2003-1559

Source: MITRE
Type: CNA
CVE-2003-1560

Source: MITRE
Type: CNA
CVE-2003-1561

Source: SREASON
Type: UNKNOWN
4004

Source: CCN
Type: Gadgetopia Tuesday, December 23, 2003
Outlook Web Access Privacy Hole

Source: CCN
Type: Opera Web site
Opera browser

Source: CCN
Type: OSVDB ID: 3225
Microsoft IE for Mac Information Disclosure

Source: CCN
Type: OSVDB ID: 47811
Netscape Navigator Referer Header Information Disclosure

Source: CCN
Type: OSVDB ID: 47812
Opera Referer Header Information Disclosure

Source: BUGTRAQ
Type: UNKNOWN
20031230 RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page

Source: CCN
Type: BID-9295
Microsoft Internet Explorer HTTP Referer Information Disclosure Vulnerability

Source: XF
Type: UNKNOWN
browsers-httpreferer-information-disclosure(14087)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:opera:opera:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:ie:*:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.02:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.11:*:*:*:*:*:*:*
  • OR cpe:/a:netscape:navigator:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.23:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    opera opera *
    microsoft ie *
    opera opera browser 7.02
    opera opera browser 7.11
    netscape navigator 4.0
    opera opera browser 7.0
    opera opera browser 7.23