Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.OPERA_1050.NASL
HistoryMar 02, 2010 - 12:00 a.m.

Opera < 10.50 Multiple Vulnerabilities

2010-03-0200:00:00
This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
www.tenable.com
26

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.004 Low

EPSS

Percentile

74.8%

JSON

The version of Opera installed on the remote host is earlier than 10.50. Such versions are potentially affected by multiple issues :

  • An error in the TLS protocol when handling session re-negotiations may allow man-in-the-middle attacks. (944)

  • Widget properties may be exposed to third-party domains in some cases, possibly resulting in the leak of widget information or configuration options for the widget. (959)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(44960);
  script_version("1.13");
  script_cvs_date("Date: 2018/11/15 20:50:27");

  script_cve_id("CVE-2009-3555", "CVE-2010-2659");
  script_bugtraq_id(36935);
  script_xref(name:"Secunia", value:"38546");

  script_name(english:"Opera < 10.50 Multiple Vulnerabilities");
  script_summary(english:"Checks version number of Opera");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains a web browser that is affected by multiple
issues."
  );
  script_set_attribute(attribute:"description", value:
"The version of Opera installed on the remote host is earlier than
10.50.  Such versions are potentially affected by multiple issues :

  - An error in the TLS protocol when handling session
    re-negotiations may allow man-in-the-middle attacks. 
    (944)

  - Widget properties may be exposed to third-party domains 
    in some cases, possibly resulting in the leak of widget
    information or configuration options for the widget. 
    (959)"
  );
  script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20130225211634/http://www.opera.com/support/kb/view/944/");
  script_set_attribute(attribute:"see_also", value:"http://www.opera.com/support/search/view/959/");
  script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20170826192901/http://www.opera.com:80/docs/changelogs/windows/1050/");
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?df8a9d78");
  script_set_attribute(attribute:"solution", value:"Upgrade to Opera 10.50 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
 script_cwe_id(310);
  script_set_attribute(attribute:"vuln_publication_date", value:"2010/03/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/03/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/03/02");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:opera:opera_browser");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");

  script_dependencies("opera_installed.nasl");
  script_require_keys("SMB/Opera/Version");

  exit(0);
}

include("global_settings.inc");

version_ui = get_kb_item("SMB/Opera/Version_UI");
version = get_kb_item("SMB/Opera/Version");
if (isnull(version)) exit(1, "The 'SMB/Opera/Version' KB item is missing.");

if (isnull(version_ui)) version_report = version;
else version_report = version_ui;

ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

if (
  ver[0] < 10 ||
  (ver[0] == 10 && ver[1] < 50)
)
{
  if (report_verbosity > 0)
  {
    report = string(
      "\n",
      "Opera ", version_report, " is currently installed on the remote host.\n"
    );
    security_warning(port:get_kb_item("SMB/transport"), extra:report);
  }
  else security_warning(port:get_kb_item("SMB/transport"));
  exit(0);
}
else exit(0, "The host is not affected since Opera "+version_report+" is installed.");
VendorProductVersionCPE
operaopera_browsercpe:/a:opera:opera_browser

Related

prion 2
nvd 2
openvas 64
cve 1
cvelist 2
nessus 63
ubuntu 4
securityvulns 7
veracode 1
debian 6
fedora 9
fortinet 1
seebug 4
cisco 2
oraclelinux 2
centos 2
altlinux 4
slackware 1
hackerone 1
redhat 3
packetstorm 1
f5 2
openssl 1
ubuntucve 1
freebsd_advisory 1
checkpoint_advisories 3
osv 1
exploitpack 1
cert 1
debiancve 1
ibm 1
nginx 1
github 1
mozilla 1
suse 1
prion
prion
Code injection
2010-07-08 12:54:00
Cross site request forgery (csrf)
2009-11-09 17:30:00
nvd
nvd
CVE-2010-2659
2010-07-08 12:54:47
CVE-2009-3555
2009-11-09 17:30:00
openvas
openvas
Opera Browser < 10.50 'widget' Information Disclosure Vulnerability (Jul 2010) - Windows
2010-07-16 00:00:00
Opera Browser 'widget' Information Disclosure Vulnerability july-10 (Windows)
2010-07-16 00:00:00
RedHat Update for nss RHSA-2010:0165-01
2010-03-31 00:00:00
cve
cve
CVE-2010-2659
2010-07-08 12:54:47
cvelist
cvelist
CVE-2010-2659
2010-07-07 18:00:00
CVE-2009-3555
2009-11-09 17:00:00
nessus
nessus
Fedora 13 : nss-3.12.6-1.2.fc13 (2010-3929)
2010-07-01 00:00:00
openSUSE Security Update : libfreebl3 (openSUSE-SU-2010:0100-1)
2010-04-13 00:00:00
SuSE9 Security Update : GnuTLS (YOU Patch Number 12705)
2011-05-02 00:00:00
ubuntu
ubuntu
nss vulnerability
2010-06-29 00:00:00
NSS vulnerability
2010-07-23 00:00:00
NSS vulnerability
2010-04-09 00:00:00
securityvulns
securityvulns
SSL data injection
2010-02-10 00:00:00
[ MDVSA-2009:337 ] proftpd
2009-12-22 00:00:00
[ MDVSA-2009:295 ] apache
2009-11-09 00:00:00
veracode
veracode
Man-in-the-Middle (MitM)
2020-04-10 00:36:56
debian
debian
[SECURITY] [DSA-2141-1] New apache2 packages add backward compatibility option
2011-01-05 23:21:00
[SECURITY] [DSA-2141-2] New nss packages fix protocol design flaw
2011-01-05 23:20:31
[SECURITY] [DSA-2141-4] New lighttpd packages fix regression
2011-01-12 18:51:18
fedora
fedora
[SECURITY] Fedora 12 Update: nss-util-3.12.5-1.fc12.1
2009-12-10 04:13:15
[SECURITY] Fedora 12 Update: proftpd-1.3.2c-1.fc12
2009-12-27 20:24:34
[SECURITY] Fedora 12 Update: tomcat-native-1.1.18-1.fc12
2009-12-18 04:35:37
fortinet
fortinet
FortiOS SSL Deep-Inspection possible Insecure Renegotiation
2017-11-03 00:00:00
seebug
seebug
Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability
2009-11-10 00:00:00
TLS Renegotiation Vulnerability PoC Exploit
2009-12-21 00:00:00
TLS Renegotiation Vulnerability PoC
2014-07-01 00:00:00
cisco
cisco
Transport Layer Security Renegotiation Vulnerability
2009-11-09 13:00:00
Transport Layer Security Renegotiation Remote Man-in-the-Middle Attack Vulnerability
2009-11-05 19:53:52
oraclelinux
oraclelinux
openssl097a security update
2010-03-25 00:00:00
nss security update
2010-03-25 00:00:00
centos
centos
openssl097a security update
2010-03-27 17:44:36
nspr, nss security update
2010-03-28 15:36:50
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.8l-alt1
2009-11-07 00:00:00
Security fix for the ALT Linux 6 package openssl10 version 0.9.8l-alt1
2009-11-07 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 0.9.8l-alt1
2009-11-07 00:00:00
slackware
slackware
openssl
2009-11-16 13:42:36
hackerone
hackerone
Slack: TLS1/SSLv3 Renegotiation Vulnerability
2014-04-02 13:01:00
redhat
redhat
(RHSA-2010:0165) Moderate: nss security update
2010-03-25 00:00:00
(RHSA-2010:0164) Moderate: openssl097a security update
2010-03-25 00:00:00
(RHSA-2010:0155) Moderate: java-1.4.2-ibm security and bug fix update
2010-03-17 00:00:00
packetstorm
packetstorm
TLS Renegotiation Exploit
2009-12-21 00:00:00
f5
f5
K10737 : SSL Renegotiation vulnerability - CVE-2009-3555 / VU#120541
2013-07-05 00:00:00
SOL10737 - SSL Renegotiation vulnerability - CVE-2009-3555 / VU#120541
2009-11-05 00:00:00
openssl
openssl
Vulnerability in OpenSSL CVE-2009-3555
2009-11-05 00:00:00
ubuntucve
ubuntucve
CVE-2009-3555
2009-11-09 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-09:15.ssl
2009-12-03 00:00:00
checkpoint_advisories
checkpoint_advisories
TLS Renegotiation (CVE-2009-3555)
2009-11-22 00:00:00
TLS Client Initiated Renegotiation (CVE-2009-3555)
2009-11-23 00:00:00
Preemptive Protection against TLS and SSL Spoofing Vulnerability
2010-02-09 00:00:00
osv
osv
Apache Tomcat affected by vulnerability in TLS and SSL protocol
2022-05-02 03:46:22
exploitpack
exploitpack
TLS - Renegotiation
2009-12-21 00:00:00
cert
cert
SSL and TLS protocols renegotiation vulnerability
2009-11-11 00:00:00
debiancve
debiancve
CVE-2009-3555
2009-11-09 17:30:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities have been identified in IBM Tivoli Netcool/OMNIbus Probe for Network Node Manager i (CVE-2009-3555)
2020-06-23 08:41:14
nginx
nginx
The renegotiation vulnerability in SSL protocol
2009-11-09 17:30:00
github
github
Apache Tomcat affected by vulnerability in TLS and SSL protocol
2022-05-02 03:46:22
mozilla
mozilla
Update NSS to support TLS renegotiation indication — Mozilla
2010-03-30 00:00:00
suse
suse
man-in-the-middle attack in openssl
2009-11-18 09:50:39

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.004 Low

EPSS

Percentile

74.8%

JSON
Related for OPERA_1050.NASL
prion2nvd2openvas64cve1cvelist2nessus63ubuntu4securityvulns7veracode1debian6fedora9fortinet1seebug4cisco2oraclelinux2centos2altlinux4slackware1hackerone1redhat3packetstorm1f52openssl1ubuntucve1freebsd_advisory1checkpoint_advisories3osv1exploitpack1cert1debiancve1ibm1nginx1github1mozilla1suse1