CVE-2003-0593

Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.

Published: Apr 15, 2004
Updated: Apr 13, 2023
CVE: CVE-2003-0593
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
opera / opera_browser	7.01	7.01.x
opera / opera_browser	7.23	7.23.x
opera / opera_browser	7.03	7.03.x
opera / opera_browser	5.11	5.11.x
opera / opera_browser	7.20	7.20.x
opera / opera_browser	6.02	6.02.x
opera / opera_browser	5.02	5.02.x
opera / opera_browser	5.10	5.10.x
opera / opera_browser	6.04	6.04.x
opera / opera_browser	5.0	5.0.x
opera / opera_browser	5.12	5.12.x
opera / opera_browser	6.0	6.0.x
opera / opera_browser	6.01	6.01.x
opera / opera_browser	6.03	6.03.x
opera / opera_browser	6.05	6.05.x
opera / opera_browser	6.06	6.06.x
opera / opera_browser	6.10	6.10.x
opera / opera_browser	7.0	7.0.x
opera / opera_browser	7.0-beta1	7.0-beta1.x
opera / opera_browser	7.0-beta2	7.0-beta2.x
opera / opera_browser	7.02	7.02.x
opera / opera_browser	7.10	7.10.x
opera / opera_browser	7.11	7.11.x
opera / opera_browser	7.21	7.21.x
opera / opera_browser	7.22	7.22.x

Vulnerability Database

289,697

CVE-2003-0593