CVE-2006-6970
Opera 9.10 Final - Fraud Protection Bypass via Domain Name Manipulation
Title source: llmDescription
Opera 9.10 Final allows remote attackers to bypass the Fraud Protection mechanism by adding certain characters to the end of a domain name, as demonstrated by the "." and "/" characters, which is not caught by the blacklist filter.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/459265/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/34927
Exploit, Vendor Advisory x_refsource_misc
http://kaneda.bohater.net/security/20061220-opera_9.10_final_bypass_fraud_protection.php
Scores
EPSS
0.0034
EPSS Percentile
56.8%
Details
CWE
CWE-264
Status
published
Products (1)
opera/opera_browser
9.10
Published
Feb 07, 2007
Tracked Since
Feb 18, 2026