7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.171 Low
EPSS
Percentile
96.1%
Karol Wiesek and Greg MacManus reported via iDEFENSE that the
Opera web browser contains a flaw in the handling of
certain URIs. When presented with these URIs, Opera would
invoke external commands to process them after some
validation. However, if the hostname component of a URI
begins with a `-', it may be treated as an option by an external
command. This could have undesirable side-effects, from
denial-of-service to code execution. The impact is very
dependent on local configuration.
After the iDEFENSE advisory was published, the KDE team
discovered similar problems in KDE’s URI handlers.