Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.OPERA_1000.NASL
HistorySep 01, 2009 - 12:00 a.m.

Opera < 10.0 Multiple Vulnerabilities

2009-09-0100:00:00
This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
www.tenable.com
11

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.007 Low

EPSS

Percentile

80.9%

JSON

The version of Opera installed on the remote host is earlier than 10.0 and thus reportedly affected by multiple issues :

  • Opera does not check the revocation status for intermediate certificates not served by the server. If the intermediate is revoked, this might not impact the security rating in Opera, and the site might be shown as secure. (929)

  • The collapsed Address bar can in some cases temporarily show the previous domain of the present site. (930)

  • Some Unicode characters are treated incorrectly which might cause international domain names that use them to be shown in the wrong format. Showing these addresses in Unicode instead of punycode could allow for limited address spoofing. (932)

  • The application trusts root X.509 certificates signed with the MD2 algorithm. (933)

  • Certificates which use a wild card immediately before the top level domain, or nulls in the domain name, may pass validation checks in Opera. Sites using such certificates may then incorrectly be presented as secure. (934)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(40827);
  script_version("1.11");

  script_cve_id(
    "CVE-2009-3044",
    "CVE-2009-3045",
    "CVE-2009-3046",
    "CVE-2009-3047",
    "CVE-2009-3049"
  );
  script_bugtraq_id(36202);
  script_xref(name:"Secunia", value:"36414");
  
  script_name(english:"Opera < 10.0 Multiple Vulnerabilities");
  script_summary(english:"Checks version number of Opera");

  script_set_attribute(attribute:"synopsis",value:
"The remote host contains a web browser that is affected by multiple
issues."
  );
  script_set_attribute(attribute:"description", value:
"The version of Opera installed on the remote host is earlier than
10.0 and thus reportedly affected by multiple issues :

  - Opera does not check the revocation status for
    intermediate certificates not served by the server. If
    the intermediate is revoked, this might not impact the
    security rating in Opera, and the site might be shown as
    secure. (929)

  - The collapsed Address bar can in some cases temporarily
    show the previous domain of the present site. (930)

  - Some Unicode characters are treated incorrectly which
    might cause international domain names that use them to
    be shown in the wrong format. Showing these addresses in
    Unicode instead of punycode could allow for limited
    address spoofing. (932)

  - The application trusts root X.509 certificates signed 
    with the MD2 algorithm. (933)

  - Certificates which use a wild card immediately before
    the top level domain, or nulls in the domain name, may
    pass validation checks in Opera. Sites using such
    certificates may then incorrectly be presented as
    secure. (934)"
  );

  script_set_attribute(attribute:"see_also",
    value:"http://web.archive.org/web/20130225215019/http://www.opera.com/support/kb/view/929/"
  );
  script_set_attribute(attribute:"see_also",
    value:"http://web.archive.org/web/20130225215023/http://www.opera.com/support/kb/view/930/"
  );
  script_set_attribute(attribute:"see_also",
    value:"http://web.archive.org/web/20130225215026/http://www.opera.com/support/kb/view/932/"
  );
  script_set_attribute(attribute:"see_also",
    value:"http://web.archive.org/web/20130225215016/http://www.opera.com/support/kb/view/933/"
  );
  script_set_attribute(attribute:"see_also",
    value:"http://web.archive.org/web/20130225215029/http://www.opera.com/support/kb/view/934/"
  );
  script_set_attribute(attribute:"solution", 
    value:"Upgrade to Opera 10.0 or later."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(264, 310);
  script_set_attribute(attribute:"vuln_publication_date",
    value:"2009/09/01"
  );
  script_set_attribute(attribute:"patch_publication_date",
    value:"2009/09/01"
  );
  script_set_attribute(attribute:"plugin_publication_date",
    value:"2009/09/01"
  );
 script_cvs_date("Date: 2018/11/15 20:50:27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:opera:opera_browser");
script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");

  script_dependencies("opera_installed.nasl");
  script_require_keys("SMB/Opera/Version");

  exit(0);
}

include("global_settings.inc");

version_ui = get_kb_item("SMB/Opera/Version_UI");
version = get_kb_item("SMB/Opera/Version");
if (isnull(version)) exit(1, "Opera version info was not found in the registry.");

ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

if (ver[0] < 10)
{
  if (report_verbosity > 0 && version_ui)
  {
    report = string(
      "\n",
      "Opera ", version_ui, " is currently installed on the remote host.\n"
    );
    security_warning(port:get_kb_item("SMB/transport"), extra:report);
  }
  else security_warning(port:get_kb_item("SMB/transport"));
}
exit(0, "The installed version of Opera is not affected");
VendorProductVersionCPE
operaopera_browsercpe:/a:opera:opera_browser

Related

openvas 6
cve 5
prion 5
cvelist 5
nvd 5
nessus 1
gentoo 1
openvas
openvas
Opera Multiple URL Spoofing Vulnerabilities (Sep 2009) - Windows
2009-09-07 00:00:00
Opera Multiple URL Spoofing Vulnerabilities - Sep09 (Windows)
2009-09-07 00:00:00
Opera Multiple URL Spoofing Vulnerabilities (Sep 2009) - Linux
2009-09-07 00:00:00
cve
cve
CVE-2009-3047
2009-09-02 17:30:01
CVE-2009-3046
2009-09-02 17:30:01
CVE-2009-3045
2009-09-02 17:30:01
prion
prion
Design/Logic Flaw
2009-09-02 17:30:00
Input validation
2009-09-02 17:30:00
Code injection
2009-09-02 17:30:00
cvelist
cvelist
CVE-2009-3047
2009-09-02 17:00:00
CVE-2009-3046
2009-09-02 17:00:00
CVE-2009-3045
2009-09-02 17:00:00
nvd
nvd
CVE-2009-3047
2009-09-02 17:30:01
CVE-2009-3046
2009-09-02 17:30:01
CVE-2009-3045
2009-09-02 17:30:01
nessus
nessus
GLSA-201206-03 : Opera: Multiple vulnerabilities
2012-06-21 00:00:00
gentoo
gentoo
Opera: Multiple vulnerabilities
2012-06-15 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.007 Low

EPSS

Percentile

80.9%

JSON
Related for OPERA_1000.NASL
openvas6cve5prion5cvelist5nvd5nessus1gentoo1