Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.OPERA_1200.NASL
HistoryJun 18, 2012 - 12:00 a.m.

Opera < 12 Multiple Vulnerabilities

2012-06-1800:00:00
This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
www.tenable.com
14

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

83.3%

JSON

The version of Opera installed on the remote host is prior to 12.00.
It is, therefore, affected by multiple vulnerabilities :

  • An error exists that can allow the address bar to display incorrect locations due to certain combinations of navigation, reloads and redirects, which can aid in phishing attacks. (1018)

  • An error in JSON handling can allow cross-site scripting attacks. (1019)

  • An error exists related to handling double-click actions and new windows that can be used in cross-site scripting attacks. (1020)

  • An error exists in the handling of window focus that can allow keystrokes to be associated with non-visible windows. (1021)

  • An error in the handling of page loading can allow a malicious page to prevent the loading while showing an incorrect URL in the address bar. (1022)

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if (description)
{
  script_id(59555);
  script_version("1.8");
  script_cvs_date("Date: 2018/11/15 20:50:27");

  script_cve_id(
    "CVE-2012-3555",
    "CVE-2012-3556",
    "CVE-2012-3557",
    "CVE-2012-3558",
    "CVE-2012-3560"
  );
  script_bugtraq_id(54011, 73573);

  script_name(english:"Opera < 12 Multiple Vulnerabilities");
  script_summary(english:"Checks version number of Opera");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains a web browser that is affected by multiple
vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Opera installed on the remote host is prior to 12.00.
It is, therefore, affected by multiple vulnerabilities :

  - An error exists that can allow the address bar to
    display incorrect locations due to certain combinations
    of navigation, reloads and redirects, which can aid in
    phishing attacks. (1018)

  - An error in JSON handling can allow cross-site
    scripting attacks. (1019)

  - An error exists related to handling double-click
    actions and new windows that can be used in cross-site
    scripting attacks. (1020)

  - An error exists in the handling of window focus that
    can allow keystrokes to be associated with non-visible
    windows. (1021)

  - An error in the handling of page loading can allow a
    malicious page to prevent the loading while showing an
    incorrect URL in the address bar. (1022)");
    
  script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20130223102618/http://www.opera.com/support/kb/view/1018/");
  script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20130223102614/http://www.opera.com/support/kb/view/1019/");
  script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20130223102611/http://www.opera.com/support/kb/view/1020/");
  script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20130223102607/http://www.opera.com/support/kb/view/1021/");
  script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20130223102621/http://www.opera.com/support/kb/view/1022/");
  script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20170706172542/http://www.opera.com/docs/changelogs/windows/1200/");
  script_set_attribute(attribute:"solution", value: "Upgrade to Opera 12 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
 
  script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/06/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:opera:opera_browser");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");

  script_dependencies("opera_installed.nasl");
  script_require_keys("SMB/Opera/Version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

path = get_kb_item_or_exit("SMB/Opera/Path");
version = get_kb_item_or_exit("SMB/Opera/Version");
version_ui = get_kb_item("SMB/Opera/Version_UI");

if (isnull(version_ui)) version_report = version;
else version_report = version_ui; 

fixed_version = "12.0.1467.0";

# Check if we need to display full version info in case of Alpha/Beta/RC
major_minor = eregmatch(string:version, pattern:"^([0-9]+\.[0-9]+)");
if (major_minor[1] == "12.00")
{
  fixed_version_report = fixed_version;
  version_report = version;
}
else fixed_version_report = "12.00";

if (ver_compare(ver:version, fix:fixed_version) == -1)
{
  port = get_kb_item("SMB/transport");
  set_kb_item(name:'www/'+port+'/XSS', value:TRUE);
  if (report_verbosity > 0)
  {
    report = 
      '\n  Path              : ' + path +
      '\n  Installed version : ' + version_report +
      '\n  Fixed version     : ' + fixed_version_report +
      '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_INST_PATH_NOT_VULN, "Opera", version_report, path);
VendorProductVersionCPE
operaopera_browsercpe:/a:opera:opera_browser

Related

openvas 8
prion 5
cvelist 5
cve 5
nvd 5
securityvulns 1
nessus 1
gentoo 1
openvas
openvas
Opera Multiple Vulnerabilities - June12 (Windows)
2012-06-21 00:00:00
Opera Multiple Vulnerabilities - June12 (Linux)
2012-06-21 00:00:00
Opera Multiple Vulnerabilities (Jun 2012) - Mac OS X
2012-06-21 00:00:00
prion
prion
Design/Logic Flaw
2012-06-14 19:55:00
Cross site scripting
2012-06-14 19:55:00
Cross site scripting
2012-06-14 19:55:00
cvelist
cvelist
CVE-2012-3556
2022-10-03 16:15:22
CVE-2012-3558
2022-10-03 16:15:23
CVE-2012-3557
2022-10-03 16:15:23
cve
cve
CVE-2012-3558
2022-10-03 16:15:23
CVE-2012-3556
2022-10-03 16:15:22
CVE-2012-3557
2022-10-03 16:15:23
nvd
nvd
CVE-2012-3558
2012-06-14 19:55:01
CVE-2012-3556
2012-06-14 19:55:00
CVE-2012-3557
2012-06-14 19:55:01
securityvulns
securityvulns
Opera URL spoof
2012-06-17 00:00:00
nessus
nessus
GLSA-201206-03 : Opera: Multiple vulnerabilities
2012-06-21 00:00:00
gentoo
gentoo
Opera: Multiple vulnerabilities
2012-06-15 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

83.3%

JSON
Related for OPERA_1200.NASL
openvas8prion5cvelist5cve5nvd5securityvulns1nessus1gentoo1