Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.OPERA_1100.NASL
HistoryDec 17, 2010 - 12:00 a.m.

Opera < 11 Multiple Vulnerabilities

2010-12-1700:00:00
This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
www.tenable.com
9

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.013 Low

EPSS

Percentile

85.8%

JSON

The version of Opera installed on the remote host is earlier than 11.00. Such versions are potentially affected by the following issues :

  • An error exists such that web page content can be displayed over dialog boxes leading to security warning misrepresentation. (977, CVE-2010-4579)

  • An error exists such that WAP form contents can be leaked to third-party sites. (979, CVE-2010-4580)

  • An unspecified high severity issue with unknown impact exists. (CVE-2010-4581)

  • An error exists in the handling of security policies during extension updates. (CVE-2010-4582)

  • An error exists when ‘Opera Turbo’ is enabled that does not display a page’s security information correctly. (CVE-2010-4583)

  • An error exists when viewing sites over HTTPS such that problems with X.509 certificates are not displayed properly. (CVE-2010-4584)

  • An error exists in the automatic update functionality that allows an attacker to cause a denial of service by crashing the application. (CVE-2010-4585)

  • The ‘WebSockets’ implementation contains unspecified errors with unknown impact. (CVE-2010-4586)

  • An error exists in the implementation of the ‘Insecure Third Party Module’ warning messages that results in an unspecified vulnerability. (CVE-2010-4587)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(51343);
  script_version("1.10");
  script_cvs_date("Date: 2018/11/15 20:50:27");

  script_cve_id(
    "CVE-2010-4579","CVE-2010-4580","CVE-2010-4581","CVE-2010-4582",
    "CVE-2010-4583","CVE-2010-4584","CVE-2010-4585","CVE-2010-4586",
    "CVE-2010-4587"
  );
  script_bugtraq_id(45461);
  script_xref(name:"Secunia", value:"42653");

  script_name(english:"Opera < 11 Multiple Vulnerabilities");
  script_summary(english:"Checks version number of Opera");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains a web browser that is affected by multiple
vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The version of Opera installed on the remote host is earlier than
11.00.  Such versions are potentially affected by the following 
issues :

  - An error exists such that web page content can be
    displayed over dialog boxes leading to security
    warning misrepresentation. (977, CVE-2010-4579)

  - An error exists such that WAP form contents can be 
    leaked to third-party sites. (979, CVE-2010-4580)

  - An unspecified high severity issue with unknown
    impact exists. (CVE-2010-4581)

  - An error exists in the handling of security policies
    during extension updates. (CVE-2010-4582)

  - An error exists when 'Opera Turbo' is enabled that 
    does not display a page's security information 
    correctly. (CVE-2010-4583)

  - An error exists when viewing sites over HTTPS such that
    problems with X.509 certificates are not displayed
    properly. (CVE-2010-4584)

  - An error exists in the automatic update functionality 
    that allows an attacker to cause a denial of service
    by crashing the application. (CVE-2010-4585)

  - The 'WebSockets' implementation contains unspecified 
    errors with unknown impact. (CVE-2010-4586)

  - An error exists in the implementation of the 'Insecure 
    Third Party Module' warning messages that results in an 
    unspecified vulnerability. (CVE-2010-4587)"
  );
  script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20170901003842/http://www.opera.com/docs/changelogs/windows/1100/");
  script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20130225221042/http://www.opera.com/support/kb/view/977/");
  script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20130225211759/http://www.opera.com/support/kb/view/979/");
  script_set_attribute(attribute:"solution", value:"Upgrade to Opera 11 or later.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/12/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/12/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/12/17");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:opera:opera_browser");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");

  script_dependencies("opera_installed.nasl");
  script_require_keys("SMB/Opera/Version");

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");

version = get_kb_item_or_exit("SMB/Opera/Version");

version_ui = get_kb_item("SMB/Opera/Version_UI");
if (isnull(version_ui)) version_report = version;
else version_report = version_ui;

install_path = get_kb_item("SMB/Opera/Path");

if (ver_compare(ver:version, fix:'11.0.1156.0') == -1)
{
  if (report_verbosity > 0)
  {
    report = 
      '\n  Path              : ' + install_path +
      '\n  Installed version : ' + version_report +
      '\n  Fixed version     : 11.00\n';
    security_hole(port:get_kb_item("SMB/transport"), extra:report);
  }
  else security_hole(port:get_kb_item("SMB/transport"));
  exit(0);
}
else exit(0, "The host is not affected since Opera "+version_report+" is installed.");
VendorProductVersionCPE
operaopera_browsercpe:/a:opera:opera_browser

Related

openvas 4
nessus 4
cve 9
prion 9
nvd 9
cvelist 9
gentoo 1
openvas
openvas
Opera Browser Multiple Vulnerabilities (Dec 2010) - Windows
2010-12-27 00:00:00
Opera Browser Multiple Vulnerabilities December-10 (Windows)
2010-12-27 00:00:00
Gentoo Security Advisory GLSA 201206-03 (Opera)
2012-08-10 00:00:00
nessus
nessus
openSUSE Security Update : opera (openSUSE-SU-2010:1094-1)
2014-06-13 00:00:00
openSUSE Security Update : opera (openSUSE-SU-2010:1094-1)
2011-05-05 00:00:00
openSUSE Security Update : opera (openSUSE-SU-2010:1094-1)
2011-05-05 00:00:00
cve
cve
CVE-2010-4585
2010-12-22 03:00:03
CVE-2010-4582
2010-12-22 03:00:03
CVE-2010-4583
2010-12-22 03:00:03
prion
prion
Code injection
2010-12-22 03:00:00
Design/Logic Flaw
2010-12-22 03:00:00
Design/Logic Flaw
2010-12-22 03:00:00
nvd
nvd
CVE-2010-4583
2010-12-22 03:00:03
CVE-2010-4580
2010-12-22 03:00:03
CVE-2010-4587
2010-12-22 03:00:03
cvelist
cvelist
CVE-2010-4581
2010-12-22 01:00:00
CVE-2010-4583
2010-12-22 01:00:00
CVE-2010-4580
2010-12-22 01:00:00
gentoo
gentoo
Opera: Multiple vulnerabilities
2012-06-15 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.013 Low

EPSS

Percentile

85.8%

JSON
Related for OPERA_1100.NASL
openvas4nessus4cve9prion9nvd9cvelist9gentoo1