openvas | Copyright (C) 2009 Greenbone AG | OPENVAS:1361412562310800652
HistoryJul 09, 2009 - 12:00 a.m.

Opera Web Browser 'Refresh' Header XSS Vulnerabilities - Linux

2009-07-09 00:00:00
Copyright (C) 2009 Greenbone AG
plugins.openvas.org
10

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

73.8%

Opera Web Browser is prone to a cross-site scripting (XSS) vulnerability.

# SPDX-FileCopyrightText: 2009 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  # --- Identity and revision of this check ---
  script_oid("1.3.6.1.4.1.25623.1.0.800652");
  script_name("Opera Web Browser 'Refresh' Header XSS Vulnerabilities - Linux");
  script_version("2024-02-15T05:05:39+0000");
  script_copyright("Copyright (C) 2009 Greenbone AG");
  script_tag(name: "creation_date", value: "2009-07-09 10:58:23 +0200 (Thu, 09 Jul 2009)");
  script_tag(name: "last_modification", value: "2024-02-15 05:05:39 +0000 (Thu, 15 Feb 2024)");

  # --- Vulnerability references and CVSS v2 scoring ---
  script_cve_id("CVE-2009-2351");
  script_xref(name: "URL", value: "http://www.securityfocus.com/archive/1/archive/1/504718/100/0/threaded");
  script_xref(name: "URL", value: "http://www.securityfocus.com/bid/35571");
  script_tag(name: "cvss_base", value: "4.3");
  script_tag(name: "cvss_base_vector", value: "AV:N/AC:M/Au:N/C:N/I:P/A:N");

  # --- Scheduling: category, family, and prerequisites ---
  # The check requires the "Opera/Linux/Version" knowledge-base key, which is
  # the same key the detection logic below reads; presumably the listed
  # dependency script is what populates it (verify against that script).
  script_category(ACT_GATHER_INFO);
  script_family("General");
  script_dependencies("secpod_opera_detection_linux_900037.nasl");
  script_mandatory_keys("Opera/Linux/Version");

  # --- Human-readable finding text shown in the scan report ---
  script_tag(name: "summary", value: "Opera Web Browser is prone to a cross-site scripting (XSS) vulnerability.");
  script_tag(name: "insight", value: "Flaw is due to error in Refresh headers in HTTP responses. It does not block
  javascript: URIs, while injecting a Refresh header or specifying the content
  of a Refresh header");
  script_tag(name: "impact", value: "Successful remote attack could execute arbitrary script code in the context
  of the user running the application and to steal cookie-based authentication
  credentials and other sensitive data that may aid in further attacks.");
  script_tag(name: "affected", value: "Opera version 9.52 and prior on Linux.");
  script_tag(name: "solution", value: "Upgrade to Opera version 9.64 or later.");

  # --- Result classification ---
  # qod_type "executable_version": the result is derived from a recorded
  # version string, not from exercising the flaw.
  script_tag(name: "solution_type", value: "VendorFix");
  script_tag(name: "qod_type", value: "executable_version");

  # Metadata registration only; stop before the detection logic.
  exit(0);
}

include("version_func.inc");

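# Read the Opera version recorded in the knowledge base under
# "Opera/Linux/Version"; without it there is nothing to compare.
operaVer = get_kb_item("Opera/Linux/Version");
if(!operaVer){
  exit(0);
}

# Flag installations at or below 9.52, the range named by the "affected" tag.
# NOTE(review): the "solution" tag names 9.64 as the release to upgrade to, so
# versions above 9.52 and below 9.64 are not reported by this check. Confirm
# against the vendor advisory whether that gap is intended.
if(version_is_less_equal(version:operaVer, test_version:"9.52")){
  # Include the fixed release so the finding tells the operator what to
  # upgrade to, matching the "solution" tag.
  report = report_fixed_ver(installed_version:operaVer, vulnerable_range:"Less than or equal to 9.52", fixed_version:"9.64");
  # The result is reported with port 0 rather than a specific service port.
  security_message(port: 0, data: report);
}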
