jvndb-2020-018328
Vulnerability from jvndb
Published
2024-09-12 12:23
Modified
2024-09-12 12:23
Summary
Falsification and eavesdropping of contents across multiple websites via Web Rehosting services
Details
Researchers at NTT Secure Platform Laboratories and Waseda University have identified multiple security issues that lead to content being tampered with and eavesdropped on a service called Web Rehosting. These issues have been published in <a href="https://www.ndss-symposium.org/ndss-paper/melting-pot-of-origins-compromising-the-intermediary-web-services-that-rehost-websites/" target="blank">NDSS 2020</a>. "Web Rehosting" is the name of a group of web services proposed in this study, which has the function of retrieving content from a user-specified website and hosting it again on its server. Web rehosting includes a web proxy service that allows users to specify the URLs they want to view from the web interface, a web translation service that translates the entire website and a web archive service that stores snapshots of the website. If a web rehosting service does not take measures against the attacks listed in this advisory, there is a risk that some of the browser resources of users may be manipulated by an attacker, resulting in a security and privacy violation. Web rehosting service owners can refer to the "Solution" section for countermeasures. Please refer to <a href="https://jvn.jp/en/ta/JVNTA96129397/index.html" target="blank">JVNTA#96129397</a> for more details. This document was written by Takuya Watanabe, Eitaro Shioji, Mitsuaki Akiyama (NTT Secure Platform Laboratories), and JPCERT/CC to alert service providers and users.
Impacted products
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-018328.html",
  "dc:date": "2024-09-12T12:23+09:00",
  "dcterms:issued": "2024-09-12T12:23+09:00",
  "dcterms:modified": "2024-09-12T12:23+09:00",
  "description": "Researchers at NTT Secure Platform Laboratories and Waseda University have identified multiple security issues that lead to content being tampered with and eavesdropped on a service called Web Rehosting. These issues have been published in \u003ca href=\"https://www.ndss-symposium.org/ndss-paper/melting-pot-of-origins-compromising-the-intermediary-web-services-that-rehost-websites/\" target=\"blank\"\u003eNDSS 2020\u003c/a\u003e.\r\n\r\n\"Web Rehosting\" is the name of a group of web services proposed in this study, which has the function of retrieving content from a user-specified website and hosting it again on its server.\r\nWeb rehosting includes a web proxy service that allows users to specify the URLs they want to view from the web interface, a web translation service that translates the entire website and a web archive service that stores snapshots of the website.\r\n\r\nIf a web rehosting service does not take measures against the attacks listed in this advisory, there is a risk that some of the browser resources of users may be manipulated by an attacker, resulting in a security and privacy violation.\r\n\r\nWeb rehosting service owners can refer to the \"Solution\" section for countermeasures.\r\n\r\nPlease refer to \u003ca href=\"https://jvn.jp/en/ta/JVNTA96129397/index.html\" target=\"blank\"\u003eJVNTA#96129397\u003c/a\u003e for more details.\r\n\r\nThis document was written by Takuya Watanabe, Eitaro Shioji, Mitsuaki Akiyama (NTT Secure Platform Laboratories), and JPCERT/CC to alert service providers and users.",
  "link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-018328.html",
  "sec:cpe": {
    "#text": "cpe:/a:misc:multiple_vendors",
    "@product": "(Multiple Products)",
    "@vendor": "(Multiple Venders)",
    "@version": "2.2"
  },
  "sec:identifier": "JVNDB-2020-018328",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/ta/JVNTA96129397/index.html",
      "@id": "JVNTA#96129397",
      "@source": "JVN"
    },
    {
      "#text": "https://www.ndss-symposium.org/ndss-paper/melting-pot-of-origins-compromising-the-intermediary-web-services-that-rehost-websites/",
      "@id": "Melting Pot of Origins: Compromising the Intermediary Web Services that Rehost Websites",
      "@source": "Related document"
    }
  ],
  "title": "Falsification and eavesdropping of contents across multiple websites via Web Rehosting services"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.