JVN/CVE Demo: Nvdinfos

NVD

Id: 57985
Name: CVE-2007-5960
Description: Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which allows remote attackers to spoof HTTP Referer headers and bypass Referer-based CSRF protection schemes by setting window.location and using a modal alert dialog that causes the wrong Referer to be sent.
Reject
CVSS Version: 2
CVSS Score: 4.3
Severity: Medium
CVSS Base Score: 4.3
CVSS Impact Subscore: 2.9
CVSS Exploit Subscore: 8.6
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Pub Date: 2017-01-07
Published: 2007-11-26
Modified Date: 2011-03-07
Seq: 2007-5960

Actions

Related NVD References

Id	NVD Id	NVD No.	Reference	Actions
296962	57985	CVE-2007-5960	http://browser.netscape.com/releasenotes/	View
296963	57985	CVE-2007-5960	http://bugs.gentoo.org/show_bug.cgi?id=198965	View
296964	57985	CVE-2007-5960	http://bugs.gentoo.org/show_bug.cgi?id=200909	View
296965	57985	CVE-2007-5960	HPSBUX02153	View
296966	57985	CVE-2007-5960	SUSE-SA:2007:066	View
296967	57985	CVE-2007-5960	oval:org.mitre.oval:def:9794	View
296968	57985	CVE-2007-5960	GLSA-200712-21	View
296969	57985	CVE-2007-5960	1018995	View
296970	57985	CVE-2007-5960	SSA:2007-333-01	View
296971	57985	CVE-2007-5960	SSA:2007-331-01	View
296972	57985	CVE-2007-5960	231441	View
296973	57985	CVE-2007-5960	1018977	View
296974	57985	CVE-2007-5960	http://wiki.rpath.com/Advisories:rPSA-2008-0093	View
296975	57985	CVE-2007-5960	http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0260	View
296976	57985	CVE-2007-5960	http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093	View
296977	57985	CVE-2007-5960	DSA-1424	View
296978	57985	CVE-2007-5960	DSA-1425	View
296979	57985	CVE-2007-5960	MDKSA-2007:246	View
296980	57985	CVE-2007-5960	http://www.mozilla.org/security/announce/2007/mfsa2007-39.html	View
296981	57985	CVE-2007-5960	RHSA-2007:1082	View
296982	57985	CVE-2007-5960	RHSA-2007:1083	View
296983	57985	CVE-2007-5960	RHSA-2007:1084	View
296984	57985	CVE-2007-5960	20080212 FLEA-2008-0001-1 firefox	View
296985	57985	CVE-2007-5960	20080229 rPSA-2008-0093-1 thunderbird	View
296986	57985	CVE-2007-5960	26589	View
296987	57985	CVE-2007-5960	USN-546-2	View
296988	57985	CVE-2007-5960	USN-546-1	View
296989	57985	CVE-2007-5960	ADV-2007-4002	View
296990	57985	CVE-2007-5960	ADV-2007-4018	View
296991	57985	CVE-2007-5960	ADV-2008-0083	View
296992	57985	CVE-2007-5960	ADV-2008-0643	View
296993	57985	CVE-2007-5960	mozilla-http-referer-spoofing(38644)	View
296994	57985	CVE-2007-5960	https://issues.rpath.com/browse/RPL-1984	View
296995	57985	CVE-2007-5960	https://issues.rpath.com/browse/RPL-1995	View
296996	57985	CVE-2007-5960	FEDORA-2007-756	View
296997	57985	CVE-2007-5960	FEDORA-2007-4106	View
296998	57985	CVE-2007-5960	FEDORA-2007-4098	View
296999	57985	CVE-2007-5960	FEDORA-2007-3952	View

Related JVN

Id	Name	Title	Summary	Cveinfo Name	Cveinfo Id	Nvdinfo Name	Nvdinfo Id	Cvssv2	Cvssv3	Jvnurl	Published Date	Last Updated Date	Actions
52305	JVNDB-2007-000995	Mozilla Firefox/SeaMonkey における HTTP Referer ヘッダを偽装可能な脆弱性	Mozilla Firefox および SeaMonkey にはwindow.location プロパティを設定するタイミングに不備があり、CSRF 保護スキームを超えて、HTTP Referer ヘッダを偽装可能な脆弱性が存在します。	CVE-2007-5960	29315	CVE-2007-5960	57985	4.3		http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-000995.html	2007-11-26	2008-03-05	View

Message	Memory use
Component initialization	1.38 MB
Controller action start	1.48 MB
Controller render start	2.33 MB
View render complete	24.92 MB

Message	Time in ms	Graph
Core Processing (Derived from $_SERVER["REQUEST_TIME"])	2.86
Event: Controller.initialize	0.02
Event: Controller.startup	0.17
Controller action	312.02
Event: Controller.beforeRender	4.19
» Processing toolbar data	4.11
Rendering View	923.20
» Event: View.beforeRender	0.02
» Rendering APP/View/Nvdinfos/view.ctp	902.20
» Event: View.afterRender	0.03
» Event: View.beforeLayout	0.02
» Rendering APP/View/Layouts/default.ctp	17.23
» » Rendering CORE/Cake/View/Elements/sql_dump.ctp	7.62
Event: View.afterLayout	0.00

Constant	Value
APP	/virtual/inogo77/public_html/jvn/app/
APP_DIR	app
APPLIBS	/virtual/inogo77/public_html/jvn/app/Lib/
CACHE	/virtual/inogo77/public_html/jvn/app/tmp/cache/
CAKE	/virtual/inogo77/public_html/jvn/lib/Cake/
CAKE_CORE_INCLUDE_PATH	/virtual/inogo77/public_html/jvn/lib
CORE_PATH	/virtual/inogo77/public_html/jvn/lib/
CAKE_VERSION	2.6.0
CSS	/virtual/inogo77/public_html/jvn/app/webroot/css/
CSS_URL	css/
DS	/
FULL_BASE_URL	http://inogo77.s500.xrea.com
IMAGES	/virtual/inogo77/public_html/jvn/app/webroot/img/
IMAGES_URL	img/
JS	/virtual/inogo77/public_html/jvn/app/webroot/js/
JS_URL	js/
LOGS	/virtual/inogo77/public_html/jvn/app/tmp/logs/
ROOT	/virtual/inogo77/public_html/jvn
TESTS	/virtual/inogo77/public_html/jvn/app/Test/
TMP	/virtual/inogo77/public_html/jvn/app/tmp/
VENDORS	/virtual/inogo77/public_html/jvn/vendors/
WEBROOT_DIR	webroot
WWW_ROOT	/virtual/inogo77/public_html/jvn/app/webroot/

Environment Variable	Value
Php Version	5.6.40
Phprc	php56.ini
Php Fcgi Children	1
Pwd	/virtual/inogo77/public_html/.fast-cgi-bin
Php Fcgi Max Requests	10000
Shlvl	0
Path	/usr/local/bin:/usr/bin:/bin
Http Connection	close
Script Name	/jvn/app/webroot/index.php
Request Uri	/jvn/nvdinfos/view/57985
Query String
Request Method	GET
Server Protocol	HTTP/1.1
Gateway Interface	CGI/1.1
Redirect Url	/jvn/app/webroot/nvdinfos/view/57985
Remote Port	14521
Script Filename	/virtual/inogo77/public_html/jvn/app/webroot/index.php
Server Admin	[no address given]
Context Document Root	/virtual/inogo77/public_html
Context Prefix
Request Scheme	http
Document Root	/virtual/inogo77/public_html
Remote Addr	3.139.89.220
Server Port	80
Server Addr	160.251.151.205
Server Name	inogo77.s500.xrea.com
Server Software	Apache
Server Signature
Http Host	inogo77.s500.xrea.com
Http Accept Encoding	gzip, br, zstd, deflate
Http User Agent	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Http Accept	/
Gem Home	/usr/local/rvm/gems/ruby-2.3.0
X Dostranslated Ip	3.139.89.220
Mm Country Code	US
Mmdb Info	result found
Mmdb Addr	3.139.89.220
Unique Id	aBhU80WRS9xQwJDwfrM7kAAAAcA
Redirect Status	200
Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect X Dostranslated Ip	3.139.89.220
Redirect Mm Country Code	US
Redirect Mmdb Info	result found
Redirect Mmdb Addr	3.139.89.220
Redirect Unique Id	aBhU80WRS9xQwJDwfrM7kAAAAcA
Redirect Redirect Status	200
Redirect Redirect Gem Home	/usr/local/rvm/gems/ruby-2.3.0
Redirect Redirect X Dostranslated Ip	3.139.89.220
Redirect Redirect Mm Country Code	US
Redirect Redirect Mmdb Info	result found
Redirect Redirect Mmdb Addr	3.139.89.220
Redirect Redirect Unique Id	aBhU80WRS9xQwJDwfrM7kAAAAcA
Fcgi Role	RESPONDER
Php Self	/jvn/app/webroot/index.php
Request Time Float	1746425075.1296
Request Time	1746425075

NVD

Actions

Related NVD References

Related JVN

Request History

Session

Request

Cake Params

Post data

Query string

Cookie

Current Route

Sql Logs

default

Memory

Timers

Logs

View Variables

App Constants

CakePHP Constants

PHP Environment

Included Files

Include Paths

Included Files