Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.OPERA_963.NASL
HistoryDec 16, 2008 - 12:00 a.m.

Opera < 9.63 Multiple Vulnerabilities

2008-12-1600:00:00
This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
www.tenable.com
11

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.473 Medium

EPSS

Percentile

97.5%

JSON

The version of Opera installed on the remote host is earlier than 9.63 and thus reportedly affected by several issues :

  • It may be possible to execute arbitrary code on the remote system by manipulating certain text-area contents. (920)

  • It may be possible to crash the remote browser using certain HTML constructs or inject code under certain conditions. (921)

  • It may be possible to trigger a buffer overflow, and potentially execute arbitrary code, by tricking an user to click on a URL that contains exceptionally long host names. (922)

  • While previewing news feeds, Opera does not correctly block certain scripted URLs. Such scripts, if not blocked, may be able to subscribe a user to other arbitrary feeds and view contents of the feeds to which the user is currently subscribed. (923)

  • By displaying content using XSLT as escaped strings, it may be possible for a website to inject scripted markup. (924)

  • SSL server certificates are not properly validated due to an unspecified error. (CVE-2012-1251)

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if (description)
{
  script_id(35185);
  script_version("1.14");

  script_cve_id("CVE-2008-5178", "CVE-2012-1251");
  script_bugtraq_id(32323, 32864, 32891);

  script_name(english:"Opera < 9.63 Multiple Vulnerabilities");
  script_summary(english:"Checks version number of Opera");

 script_set_attribute(attribute:"synopsis", value:
"The remote host contains a web browser that is affected by several
issues." );
 script_set_attribute(attribute:"description", value:
"The version of Opera installed on the remote host is earlier than 9.63
and thus reportedly affected by several issues :

  - It may be possible to execute arbitrary code on the
    remote system by manipulating certain text-area 
    contents. (920)

  - It may be possible to crash the remote browser using 
    certain HTML constructs or inject code under certain 
    conditions. (921)

  - It may be possible to trigger a buffer overflow, and
    potentially execute arbitrary code, by tricking an 
    user to click on a URL that contains exceptionally 
    long host names. (922)

  - While previewing news feeds, Opera does not correctly
    block certain scripted URLs. Such scripts, if not 
    blocked, may be able to subscribe a user to other 
    arbitrary feeds and view contents of the feeds to which
    the user is currently subscribed. (923)

  - By displaying content using XSLT as escaped strings, it 
    may be possible for a website to inject scripted
    markup. (924)

  - SSL server certificates are not properly validated due
    to an unspecified error. (CVE-2012-1251)" );
 script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20130225211806/http://www.opera.com/support/kb/view/920/" );
 script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20130225215248/http://www.opera.com/support/kb/view/921/" );
 script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20130225211810/http://www.opera.com/support/kb/view/922/" );
 script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20130225215251/http://www.opera.com/support/kb/view/923/" );
 script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20130225221045/http://www.opera.com/support/kb/view/924/" );
 script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20170812134941/http://www.opera.com:80/docs/changelogs/windows/963/" );
 script_set_attribute(attribute:"see_also", value:"http://jvn.jp/en/jp/JVN39707339/index.html");
 script_set_attribute(attribute:"solution", value:
"Upgrade to Opera 9.63 or later." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploit_framework_core", value:"true");
 script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
 script_set_attribute(attribute:"canvas_package", value:'D2ExploitPack');
 script_cwe_id(119);

 script_set_attribute(attribute:"plugin_publication_date", value: "2008/12/16");
 script_cvs_date("Date: 2018/11/15 20:50:28");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:opera:opera_browser");
script_end_attributes();


  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.");

  script_dependencies("opera_installed.nasl");
  script_require_keys("SMB/Opera/Version");

  exit(0);
}


include("global_settings.inc");

version_ui = get_kb_item("SMB/Opera/Version_UI");
version = get_kb_item("SMB/Opera/Version");
if (isnull(version)) exit(0);

ver = split(version, sep:'.', keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

if (
  ver[0] < 9 ||
  (
    ver[0] == 9 &&
    (
      ver[1]  < 63
    )
  )
)
{
  if (report_verbosity && version_ui)
  {
    report = string(
      "\n",
      "Opera ", version_ui, " is currently installed on the remote host.\n"
    );
    security_hole(port:get_kb_item("SMB/transport"), extra:report);
  }
  else security_hole(get_kb_item("SMB/transport"));
}
VendorProductVersionCPE
operaopera_browsercpe:/a:opera:opera_browser

Related

cvelist 3
openvas 12
nvd 3
saint 4
cve 3
prion 3
jvn 1
freebsd 1
d2 1
nessus 2
checkpoint_advisories 1
gentoo 1
cvelist
cvelist
CVE-2012-1251
2022-10-03 16:15:26
CVE-2008-5680
2008-12-19 16:09:00
CVE-2008-5178
2008-11-20 15:00:00
openvas
openvas
Opera 'X.509' Certificates Spoofing Vulnerability - Linux
2012-06-12 00:00:00
Opera 'X.509' Certificates Spoofing Vulnerability - Windows
2012-06-12 00:00:00
Opera Web Browser Heap Based Buffer Overflow Vulnerability - Windows
2008-11-21 00:00:00
nvd
nvd
CVE-2012-1251
2012-06-04 17:55:01
CVE-2008-5178
2008-11-20 15:30:00
CVE-2008-5680
2008-12-19 16:30:00
saint
saint
Opera file URI buffer overflow
2009-01-13 00:00:00
Opera file URI buffer overflow
2009-01-13 00:00:00
Opera file URI buffer overflow
2009-01-13 00:00:00
cve
cve
CVE-2012-1251
2022-10-03 16:15:26
CVE-2008-5178
2008-11-20 15:30:00
CVE-2008-5680
2008-12-19 16:30:00
prion
prion
Design/Logic Flaw
2012-06-04 17:55:00
Buffer overflow
2008-12-19 16:30:00
Heap overflow
2008-11-20 15:30:00
jvn
jvn
JVN#39707339: Opera fails to verify SSL server certificates
2012-05-25 00:00:00
freebsd
freebsd
opera -- multiple vulnerabilities
2008-11-18 00:00:00
d2
d2
DSquare Exploit Pack: D2SEC_OPERAHEAP
2008-11-20 15:30:00
nessus
nessus
FreeBSD : opera -- multiple vulnerabilities (225bc349-ce10-11dd-a721-0030843d3802)
2008-12-21 00:00:00
GLSA-200903-30 : Opera: Multiple vulnerabilities
2009-03-17 00:00:00
checkpoint_advisories
checkpoint_advisories
Opera Browser file URI Handling Buffer Overflow (CVE-2008-5178)
2009-12-28 00:00:00
gentoo
gentoo
Opera: Multiple vulnerabilities
2009-03-16 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.473 Medium

EPSS

Percentile

97.5%

JSON
Related for OPERA_963.NASL
cvelist3openvas12nvd3saint4cve3prion3jvn1freebsd1d21nessus2checkpoint_advisories1gentoo1