CVE-2004-0473 — LOW (2.6) — White Hats Nepal

Q: How severe is CVE-2004-0473?

CVE-2004-0473 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2004-0473?

Check the references section above for vendor advisories and patch information. Affected products include: Opera Opera Browser.

Vulnerability Description

Argument injection vulnerability in Opera before 7.50 does not properly filter "-" characters that begin a hostname in a telnet URI, which allows remote attackers to insert options to the resulting command line and overwrite arbitrary files via (1) the "-f" option on Windows XP or (2) the "-n" option on Linux.

CVSS Score

2.6

LOW

AV:N/AC:H/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Opera	Opera Browser	< 7.50

Related Weaknesses (CWE)

CWE-88

References

http://security.gentoo.org/glsa/glsa-200405-19.xmlThird Party Advisory
http://securitytracker.com/id?1010142Broken LinkThird Party AdvisoryVDB Entry
http://www.idefense.com/application/poi/display?id=104&type=vulnerabilitiesBroken Link
http://www.opera.com/linux/changelogs/750/index.dmlBroken Link
http://www.securityfocus.com/bid/10341Broken LinkThird Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/16139Third Party AdvisoryVDB Entry
http://security.gentoo.org/glsa/glsa-200405-19.xmlThird Party Advisory
http://securitytracker.com/id?1010142Broken LinkThird Party AdvisoryVDB Entry
http://www.idefense.com/application/poi/display?id=104&type=vulnerabilitiesBroken Link
http://www.opera.com/linux/changelogs/750/index.dmlBroken Link
http://www.securityfocus.com/bid/10341Broken LinkThird Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/16139Third Party AdvisoryVDB Entry

FAQ

What is CVE-2004-0473?

CVE-2004-0473 is a vulnerability with a CVSS score of 2.6 (LOW). Argument injection vulnerability in Opera before 7.50 does not properly filter "-" characters that begin a hostname in a telnet URI, which allows remote attackers to insert options to the resulting co...

How severe is CVE-2004-0473?

CVE-2004-0473 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2004-0473?

Check the references section above for vendor advisories and patch information. Affected products include: Opera Opera Browser.