CVE-2010-2274

Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856
http://secunia.com/advisories/38964	Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21431472
http://secunia.com/advisories/40007	Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958
http://www.vupen.com/english/advisories/2010/1281	Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994
http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/	Patch Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849
http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dojotoolkit:dojo:1.4.1:::::::*
	cpe:2.3:a:dojotoolkit:dojo:1.1.1:::::::*
	cpe:2.3:a:dojotoolkit:dojo:1.2:::::::*
	cpe:2.3:a:dojotoolkit:dojo:1.2.1:::::::*
	cpe:2.3:a:dojotoolkit:dojo:1.2.2:::::::*
	cpe:2.3:a:dojotoolkit:dojo:1.2.3:::::::*
	cpe:2.3:a:dojotoolkit:dojo:1.0:::::::*
	cpe:2.3:a:dojotoolkit:dojo:1.0.2:::::::*
	cpe:2.3:a:dojotoolkit:dojo:1.3:::::::*
	cpe:2.3:a:dojotoolkit:dojo:1.3.2:::::::*
	cpe:2.3:a:dojotoolkit:dojo:1.0.1:::::::*
	cpe:2.3:a:dojotoolkit:dojo:1.1:::::::*
	cpe:2.3:a:dojotoolkit:dojo:1.3.1:::::::*
	cpe:2.3:a:dojotoolkit:dojo:1.4:::::::*

Information

Published : 2010-06-15 07:30

Updated : 2010-06-16 21:00

NVD link : CVE-2010-2274

Mitre link : CVE-2010-2274

JSON object : View

CWE

NVD-CWE-Other

Products Affected

dojotoolkit

dojo

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50856", "name": "LO50856", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://secunia.com/advisories/38964", "name": "38964", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21431472", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/40007", "name": "40007", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50958", "name": "LO50958", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www.vupen.com/english/advisories/2010/1281", "name": "ADV-2010-1281", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50932", "name": "LO50932", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50994", "name": "LO50994", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/", "name": "http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50896", "name": "LO50896", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50849", "name": "LO50849", "tags": [], "refsource": "AIXAPAR"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1LO50833", "name": "LO50833", "tags": [], "refsource": "AIXAPAR"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, possibly related to dojo/resources/iframe_history.html, dojox/av/FLAudio.js, dojox/av/FLVideo.js, dojox/av/resources/audio.swf, dojox/av/resources/video.swf, util/buildscripts/jslib/build.js, util/buildscripts/jslib/buildUtil.js, and util/doh/runner.html."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-2274", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2010-06-15T14:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:dojotoolkit:dojo:1.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:dojotoolkit:dojo:1.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:dojotoolkit:dojo:1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:dojotoolkit:dojo:1.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:dojotoolkit:dojo:1.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:dojotoolkit:dojo:1.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:dojotoolkit:dojo:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:dojotoolkit:dojo:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:dojotoolkit:dojo:1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:dojotoolkit:dojo:1.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:dojotoolkit:dojo:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:dojotoolkit:dojo:1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:dojotoolkit:dojo:1.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:dojotoolkit:dojo:1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2010-06-17T04:00Z"}

4.3 /10