JVN/CVE Demo: Nvdinfos

NVD

Id: 5256
Name: CVE-2008-5506
Description: Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure."
Reject
CVSS Version: 2
CVSS Score: 6.8
Severity: Medium
CVSS Base Score: 6.8
CVSS Impact Subscore: 6.4
CVSS Exploit Subscore: 8.6
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Pub Date: 2017-01-03
Published: 2008-12-17
Modified Date: 2012-10-30
Seq: 2008-5506

Actions

Related NVD References

Id	NVD Id	NVD No.	Reference	Actions
33042	5256	CVE-2008-5506	oval:org.mitre.oval:def:10512	View
33043	5256	CVE-2008-5506	256408	View
33044	5256	CVE-2008-5506	258748	View
33045	5256	CVE-2008-5506	DSA-1696	View
33046	5256	CVE-2008-5506	DSA-1697	View
33047	5256	CVE-2008-5506	DSA-1704	View
33048	5256	CVE-2008-5506	DSA-1707	View
33049	5256	CVE-2008-5506	MDVSA-2008:244	View
33050	5256	CVE-2008-5506	MDVSA-2008:245	View
33051	5256	CVE-2008-5506	MDVSA-2009:012	View
33052	5256	CVE-2008-5506	http://www.mozilla.org/security/announce/2008/mfsa2008-64.html	View
33053	5256	CVE-2008-5506	RHSA-2008:1036	View
33054	5256	CVE-2008-5506	RHSA-2008:1037	View
33055	5256	CVE-2008-5506	RHSA-2009:0002	View
33056	5256	CVE-2008-5506	32882	View
33057	5256	CVE-2008-5506	1021427	View
33058	5256	CVE-2008-5506	USN-690-2	View
33059	5256	CVE-2008-5506	USN-701-1	View
33060	5256	CVE-2008-5506	USN-701-2	View
33061	5256	CVE-2008-5506	USN-690-1	View
33062	5256	CVE-2008-5506	USN-690-3	View
33063	5256	CVE-2008-5506	ADV-2009-0977	View
33064	5256	CVE-2008-5506	mozilla-xmlhttprequest-302-info-disclosure(47412)	View
33065	5256	CVE-2008-5506	https://bugzilla.mozilla.org/show_bug.cgi?id=458248	View

Related JVN

Id	Name	Title	Summary	Cveinfo Name	Cveinfo Id	Nvdinfo Name	Nvdinfo Id	Cvssv2	Cvssv3	Jvnurl	Published Date	Last Updated Date	Actions
46926	JVNDB-2008-002236	複数の Mozilla 製品における別ドメインからコンテンツを読まれる脆弱性	複数の Mozilla 製品には、XMLHttpRequest の処理に不備があるため、同一生成元ポリシーを回避され、別ドメインからコンテンツを読まれる脆弱性が存在します。	CVE-2008-5506	35619	CVE-2008-5506	5256	6.8		http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002236.html	2008-12-17	2009-06-30	View

Message	Memory use
Component initialization	1.38 MB
Controller action start	1.49 MB
Controller render start	2.30 MB
View render complete	13.51 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.71
Event: Controller.initialize	0.02
Event: Controller.startup	0.06
Controller action	351.36
Event: Controller.beforeRender	4.43
» Processing toolbar data	4.33
Rendering View	489.78
» Event: View.beforeRender	0.02
» Rendering APP/View/Nvdinfos/view.ctp	479.58
» Event: View.afterRender	0.03
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	8.30
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	3.63
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/nvdinfos/view/5256
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/nvdinfos/view/5256
Remote Port	24134
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	216.73.216.148
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Connection	close
Http Cache Control	max-age=259200
Http X Forwarded For	10.1.78.197
Http Via	1.1 squid-proxy-5b5d847c96-v2jzj (squid/6.10)
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
X Dostranslated Ip	216.73.216.148
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	216.73.216.148
Unique Id	aFeF5n_dgAwKMRWIEaaAxQAAAqk
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect X Dostranslated Ip	216.73.216.148
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	216.73.216.148
Redirect Unique Id	aFeF5n_dgAwKMRWIEaaAxQAAAqk
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect X Dostranslated Ip	216.73.216.148
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	216.73.216.148
Redirect Redirect Unique Id	aFeF5n_dgAwKMRWIEaaAxQAAAqk
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1750566374.2093
Request Time	1750566374

NVD

Actions

Related NVD References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files