Vulnerability Description
The JavaScript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Internet Explorer | 6.0.2900 |
| Mozilla | Mozilla | All versions |
| Netscape | Navigator | All versions |
References
- http://marc.info/?l=bugtraq&m=102796732924658&w=2
- http://marc.info/?l=bugtraq&m=102798282208686&w=2
FAQ
What is CVE-2002-0815?
CVE-2002-0815 is a vulnerability with a CVSS score of 7.5 (HIGH). The JavaScript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites ...
How severe is CVE-2002-0815?
CVE-2002-0815 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2002-0815?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Explorer, Mozilla Mozilla, Netscape Navigator.