Search...

Opera 'X.509' Certificates Spoofing Vulnerability (Linux)

2012-06-12T00:00:00

ID OPENVAS:802436
Type openvas
Reporter Copyright (c) 2012 Greenbone Networks GmbH
Modified 2017-04-07T00:00:00

Description

The host is installed with Opera and is prone to spoofing vulnerability

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_opera_x509_cert_spoofing_vuln_lin.nasl 5888 2017-04-07 09:01:53Z teissa $
#
# Opera 'X.509' Certificates Spoofing Vulnerability (Linux)
#
# Authors:
# Antu Sanadi &lt;santu@secpod.com&gt;
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_impact = "Successful exploitation will allow remote attackers to spoof servers and
  obtain sensitive information.
  Impact Level: Application";
tag_affected = "Opera version prior to 9.63 on Linux";
tag_insight = "The flaw is due to an error in handling of certificates, It does not properly
  verify 'X.509' certificates from SSL servers.";
tag_solution = "Upgrade to Opera 9.63 or later,
  For updates refer to http://www.opera.com/";
tag_summary = "The host is installed with Opera and is prone to spoofing
  vulnerability";

if(description)
{
  script_id(802436);
  script_version("$Revision: 5888 $");
  script_cve_id("CVE-2012-1251");
  script_tag(name:"cvss_base", value:"5.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_tag(name:"last_modification", value:"$Date: 2017-04-07 11:01:53 +0200 (Fri, 07 Apr 2017) $");
  script_tag(name:"creation_date", value:"2012-06-12 16:15:21 +0530 (Tue, 12 Jun 2012)");
  script_name("Opera 'X.509' Certificates Spoofing Vulnerability (Linux)");
  script_xref(name : "URL" , value : "http://jvn.jp/en/jp/JVN39707339/index.html");
  script_xref(name : "URL" , value : "http://www.opera.com/docs/changelogs/unix/963/");
  script_xref(name : "URL" , value : "http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000049.html");

  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
  script_family("General");
  script_dependencies("secpod_opera_detection_linux_900037.nasl");
  script_require_keys("Opera/Linux/Version");
  script_tag(name : "impact" , value : tag_impact);
  script_tag(name : "affected" , value : tag_affected);
  script_tag(name : "insight" , value : tag_insight);
  script_tag(name : "solution" , value : tag_solution);
  script_tag(name : "summary" , value : tag_summary);
  script_tag(name:"qod_type", value:"executable_version");
  script_tag(name:"solution_type", value:"VendorFix");
  exit(0);
}

include("version_func.inc");

operaVer = "";

operaVer = get_kb_item("Opera/Linux/Version");
if(!operaVer){
  exit(0);
}

# Check for opera version is less than 9.63
if(version_is_less(version:operaVer, test_version:"9.63")){
  security_message(0);
}

JSON Vulners Source

Initial Source

{"id": "OPENVAS:802436", "type": "openvas", "bulletinFamily": "scanner", "title": "Opera 'X.509' Certificates Spoofing Vulnerability (Linux)", "description": "The host is installed with Opera and is prone to spoofing\n vulnerability", "published": "2012-06-12T00:00:00", "modified": "2017-04-07T00:00:00", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=802436", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["http://jvn.jp/en/jp/JVN39707339/index.html", "http://www.opera.com/docs/changelogs/unix/963/", "http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000049.html"], "cvelist": ["CVE-2012-1251"], "lastseen": "2017-07-02T21:10:33", "viewCount": 0, "enchantments": {"score": {"value": 5.4, "vector": "NONE", "modified": "2017-07-02T21:10:33", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-1251"]}, {"type": "jvn", "idList": ["JVN:39707339"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310802436", "OPENVAS:802437", "OPENVAS:802435", "OPENVAS:1361412562310802435", "OPENVAS:1361412562310802437"]}, {"type": "nessus", "idList": ["OPERA_963.NASL"]}], "modified": "2017-07-02T21:10:33", "rev": 2}, "vulnersScore": 5.4}, "pluginID": "802436", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_opera_x509_cert_spoofing_vuln_lin.nasl 5888 2017-04-07 09:01:53Z teissa $\n#\n# Opera 'X.509' Certificates Spoofing Vulnerability (Linux)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to spoof servers and\n obtain sensitive information.\n Impact Level: Application\";\ntag_affected = \"Opera version prior to 9.63 on Linux\";\ntag_insight = \"The flaw is due to an error in handling of certificates, It does not properly\n verify 'X.509' certificates from SSL servers.\";\ntag_solution = \"Upgrade to Opera 9.63 or later,\n For updates refer to http://www.opera.com/\";\ntag_summary = \"The host is installed with Opera and is prone to spoofing\n vulnerability\";\n\nif(description)\n{\n script_id(802436);\n script_version(\"$Revision: 5888 $\");\n script_cve_id(\"CVE-2012-1251\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-07 11:01:53 +0200 (Fri, 07 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-12 16:15:21 +0530 (Tue, 12 Jun 2012)\");\n script_name(\"Opera 'X.509' Certificates Spoofing Vulnerability (Linux)\");\n script_xref(name : \"URL\" , value : \"http://jvn.jp/en/jp/JVN39707339/index.html\");\n script_xref(name : \"URL\" , value : \"http://www.opera.com/docs/changelogs/unix/963/\");\n script_xref(name : \"URL\" , value : \"http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000049.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_opera_detection_linux_900037.nasl\");\n script_require_keys(\"Opera/Linux/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\noperaVer = \"\";\n\noperaVer = get_kb_item(\"Opera/Linux/Version\");\nif(!operaVer){\n exit(0);\n}\n\n# Check for opera version is less than 9.63\nif(version_is_less(version:operaVer, test_version:\"9.63\")){\n security_message(0);\n}\n", "naslFamily": "General", "immutableFields": []}

{"cve": [{"lastseen": "2021-02-02T05:59:46", "description": "Opera before 9.63 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.", "edition": 7, "cvss3": {}, "published": "2012-06-04T17:55:00", "title": "CVE-2012-1251", "type": "cve", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-1251"], "modified": "2014-03-05T19:12:00", "cpe": ["cpe:/a:opera:opera_browser:9.61", "cpe:/a:opera:opera_browser:8.53", "cpe:/a:opera:opera_browser:3.21", "cpe:/a:opera:opera_browser:3.62", "cpe:/a:opera:opera_browser:7.21", "cpe:/a:opera:opera_browser:6.1", "cpe:/a:opera:opera_browser:7.50", "cpe:/a:opera:opera_browser:9.27", "cpe:/a:opera:opera_browser:7.03", "cpe:/a:opera:opera_browser:5.11", "cpe:/a:opera:opera_browser:8.0", "cpe:/a:opera:opera_browser:1.00", "cpe:/a:opera:opera_browser:8.54", "cpe:/a:opera:opera_browser:7.51", "cpe:/a:opera:opera_browser:7.22", "cpe:/a:opera:opera_browser:8.50", "cpe:/a:opera:opera_browser:6.06", "cpe:/a:opera:opera_browser:9.0", "cpe:/a:opera:opera_browser:9.20", "cpe:/a:opera:opera_browser:7.20", "cpe:/a:opera:opera_browser:7.0", "cpe:/a:opera:opera_browser:3.51", "cpe:/a:opera:opera_browser:2.00", "cpe:/a:opera:opera_browser:3.50", "cpe:/a:opera:opera_browser:9.26", "cpe:/a:opera:opera_browser:2.10", "cpe:/a:opera:opera_browser:2.12", "cpe:/a:opera:opera_browser:4.02", "cpe:/a:opera:opera_browser:6.11", "cpe:/a:opera:opera_browser:9.23", "cpe:/a:opera:opera_browser:8.02", "cpe:/a:opera:opera_browser:6.02", "cpe:/a:opera:opera_browser:5.02", "cpe:/a:opera:opera_browser:5.0", "cpe:/a:opera:opera_browser:8.51", "cpe:/a:opera:opera_browser:8.01", "cpe:/a:opera:opera_browser:9.25", "cpe:/a:opera:opera_browser:6.04", "cpe:/a:opera:opera_browser:9.50", "cpe:/a:opera:opera_browser:4.01", "cpe:/a:opera:opera_browser:9.60", "cpe:/a:opera:opera_browser:6.01", "cpe:/a:opera:opera_browser:9.21", "cpe:/a:opera:opera_browser:6.03", "cpe:/a:opera:opera_browser:3.00", "cpe:/a:opera:opera_browser:9.52", "cpe:/a:opera:opera_browser:9.12", "cpe:/a:opera:opera_browser:9.24", "cpe:/a:opera:opera_browser:7.52", "cpe:/a:opera:opera_browser:7.54", "cpe:/a:opera:opera_browser:7.60", "cpe:/a:opera:opera_browser:9.62", "cpe:/a:opera:opera_browser:6.12", "cpe:/a:opera:opera_browser:9.51", "cpe:/a:opera:opera_browser:6.0", "cpe:/a:opera:opera_browser:7.10", "cpe:/a:opera:opera_browser:7.53", "cpe:/a:opera:opera_browser:3.60", "cpe:/a:opera:opera_browser:5.10", "cpe:/a:opera:opera_browser:5.12", "cpe:/a:opera:opera_browser:7.01", "cpe:/a:opera:opera_browser:9.02", "cpe:/a:opera:opera_browser:9.22", "cpe:/a:opera:opera_browser:3.10", "cpe:/a:opera:opera_browser:8.52", "cpe:/a:opera:opera_browser:3.61", "cpe:/a:opera:opera_browser:9.10", "cpe:/a:opera:opera_browser:9.01", "cpe:/a:opera:opera_browser:4.00", "cpe:/a:opera:opera_browser:6.05", "cpe:/a:opera:opera_browser:7.02", "cpe:/a:opera:opera_browser:7.11", "cpe:/a:opera:opera_browser:7.23"], "id": "CVE-2012-1251", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1251", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:opera:opera_browser:1.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.54:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.21:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.21:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.62:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.62:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.61:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.60:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.11:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.52:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.60:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.22:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.50:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.60:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:tp1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.54:update2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta6:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.25:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.23:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.54:update1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.11:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.52:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta7:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.04:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.61:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.20:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.20:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.27:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:tp2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.06:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.20:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.23:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.53:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta6:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.22:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:beta1_v2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.26:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.1:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.05:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.50:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.60:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta4:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta5:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.10:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.21:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.10:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.50:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.12:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.24:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.50:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.20:beta7:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.00:beta:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.53:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.11:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.03:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:2.10:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.54:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.11:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:4.00:beta5:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.03:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.1:beta1:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:7.52:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:9.01:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.02:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:beta8:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.51:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.00:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:6.0:tp3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:8.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:opera:opera_browser:3.62:beta:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-02T21:10:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1251"], "description": "The host is installed with Opera and is prone to spoofing\n vulnerability", "modified": "2017-04-14T00:00:00", "published": "2012-06-12T00:00:00", "id": "OPENVAS:802437", "href": "http://plugins.openvas.org/nasl.php?oid=802437", "type": "openvas", "title": "Opera 'X.509' Certificates Spoofing Vulnerability (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_opera_x509_cert_spoofing_vuln_macosx.nasl 5956 2017-04-14 09:02:12Z teissa $\n#\n# Opera 'X.509' Certificates Spoofing Vulnerability (Mac OS X)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to spoof servers and\n obtain sensitive information.\n Impact Level: Application\";\ntag_affected = \"Opera version prior to 9.63 on Mac OS X\";\ntag_insight = \"The flaw is due to an error in handling of certificates, It does not properly\n verify 'X.509' certificates from SSL servers.\";\ntag_solution = \"Upgrade to Opera 9.63 or later,\n For updates refer to http://www.opera.com/\";\ntag_summary = \"The host is installed with Opera and is prone to spoofing\n vulnerability\";\n\nif(description)\n{\n script_id(802437);\n script_version(\"$Revision: 5956 $\");\n script_cve_id(\"CVE-2012-1251\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-14 11:02:12 +0200 (Fri, 14 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-12 16:35:11 +0530 (Tue, 12 Jun 2012)\");\n script_name(\"Opera 'X.509' Certificates Spoofing Vulnerability (Mac OS X)\");\n script_xref(name : \"URL\" , value : \"http://jvn.jp/en/jp/JVN39707339/index.html\");\n script_xref(name : \"URL\" , value : \"http://www.opera.com/docs/changelogs/mac/963/\");\n script_xref(name : \"URL\" , value : \"http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000049.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_opera_detect_macosx.nasl\");\n script_require_keys(\"Opera/MacOSX/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\noperaVer = \"\";\n\noperaVer = get_kb_item(\"Opera/MacOSX/Version\");\nif(!operaVer){\n exit(0);\n}\n\n# Check for opera version is less than 9.63\nif(version_is_less(version:operaVer, test_version:\"9.63\")){\n security_message(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}, {"lastseen": "2020-04-26T15:07:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1251"], "description": "The host is installed with Opera and is prone to spoofing\n vulnerability", "modified": "2020-04-22T00:00:00", "published": "2012-06-12T00:00:00", "id": "OPENVAS:1361412562310802435", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802435", "type": "openvas", "title": "Opera 'X.509' Certificates Spoofing Vulnerability (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Opera 'X.509' Certificates Spoofing Vulnerability (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802435\");\n script_version(\"2020-04-22T10:27:30+0000\");\n script_cve_id(\"CVE-2012-1251\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-04-22 10:27:30 +0000 (Wed, 22 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-06-12 16:10:48 +0530 (Tue, 12 Jun 2012)\");\n script_name(\"Opera 'X.509' Certificates Spoofing Vulnerability (Windows)\");\n script_xref(name:\"URL\", value:\"http://jvn.jp/en/jp/JVN39707339/index.html\");\n script_xref(name:\"URL\", value:\"http://www.opera.com/docs/changelogs/windows/963/\");\n script_xref(name:\"URL\", value:\"http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000049.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_opera_detect_portable_win.nasl\");\n script_mandatory_keys(\"Opera/Win/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to spoof servers and\n obtain sensitive information.\");\n script_tag(name:\"affected\", value:\"Opera version prior to 9.63 on Windows\");\n script_tag(name:\"insight\", value:\"The flaw is due to an error in handling of certificates, It does not properly\n verify 'X.509' certificates from SSL servers.\");\n script_tag(name:\"solution\", value:\"Upgrade to Opera 9.63 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with Opera and is prone to spoofing\n vulnerability\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\noperaVer = get_kb_item(\"Opera/Win/Version\");\nif(!operaVer){\n exit(0);\n}\n\nif(version_is_less(version:operaVer, test_version:\"9.63\")){\n report = report_fixed_ver(installed_version:operaVer, fixed_version:\"9.63\");\n security_message(port:0, data:report);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-04-26T15:08:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1251"], "description": "The host is installed with Opera and is prone to spoofing\n vulnerability", "modified": "2020-04-22T00:00:00", "published": "2012-06-12T00:00:00", "id": "OPENVAS:1361412562310802437", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802437", "type": "openvas", "title": "Opera 'X.509' Certificates Spoofing Vulnerability (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Opera 'X.509' Certificates Spoofing Vulnerability (Mac OS X)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802437\");\n script_version(\"2020-04-22T10:27:30+0000\");\n script_cve_id(\"CVE-2012-1251\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-04-22 10:27:30 +0000 (Wed, 22 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-06-12 16:35:11 +0530 (Tue, 12 Jun 2012)\");\n script_name(\"Opera 'X.509' Certificates Spoofing Vulnerability (Mac OS X)\");\n script_xref(name:\"URL\", value:\"http://jvn.jp/en/jp/JVN39707339/index.html\");\n script_xref(name:\"URL\", value:\"http://www.opera.com/docs/changelogs/mac/963/\");\n script_xref(name:\"URL\", value:\"http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000049.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_opera_detect_macosx.nasl\");\n script_mandatory_keys(\"Opera/MacOSX/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to spoof servers and\n obtain sensitive information.\");\n script_tag(name:\"affected\", value:\"Opera version prior to 9.63 on Mac OS X\");\n script_tag(name:\"insight\", value:\"The flaw is due to an error in handling of certificates, It does not properly\n verify 'X.509' certificates from SSL servers.\");\n script_tag(name:\"solution\", value:\"Upgrade to Opera 9.63 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with Opera and is prone to spoofing\n vulnerability\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\noperaVer = get_kb_item(\"Opera/MacOSX/Version\");\nif(!operaVer){\n exit(0);\n}\n\nif(version_is_less(version:operaVer, test_version:\"9.63\")){\n report = report_fixed_ver(installed_version:operaVer, fixed_version:\"9.63\");\n security_message(port:0, data:report);\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-04-26T15:09:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1251"], "description": "The host is installed with Opera and is prone to a spoofing\n vulnerability", "modified": "2020-04-22T00:00:00", "published": "2012-06-12T00:00:00", "id": "OPENVAS:1361412562310802436", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802436", "type": "openvas", "title": "Opera 'X.509' Certificates Spoofing Vulnerability (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Opera 'X.509' Certificates Spoofing Vulnerability (Linux)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802436\");\n script_version(\"2020-04-22T10:27:30+0000\");\n script_cve_id(\"CVE-2012-1251\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-04-22 10:27:30 +0000 (Wed, 22 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2012-06-12 16:15:21 +0530 (Tue, 12 Jun 2012)\");\n script_name(\"Opera 'X.509' Certificates Spoofing Vulnerability (Linux)\");\n script_xref(name:\"URL\", value:\"http://jvn.jp/en/jp/JVN39707339/index.html\");\n script_xref(name:\"URL\", value:\"http://www.opera.com/docs/changelogs/unix/963/\");\n script_xref(name:\"URL\", value:\"http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000049.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_opera_detection_linux_900037.nasl\");\n script_mandatory_keys(\"Opera/Linux/Version\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to spoof servers and\n obtain sensitive information.\");\n script_tag(name:\"affected\", value:\"Opera version prior to 9.63 on Linux\");\n script_tag(name:\"insight\", value:\"The flaw is due to an error in handling of certificates, it does not properly\n verify 'X.509' certificates from SSL servers.\");\n script_tag(name:\"solution\", value:\"Upgrade to Opera 9.63 or later.\");\n script_tag(name:\"summary\", value:\"The host is installed with Opera and is prone to a spoofing\n vulnerability\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\noperaVer = get_kb_item(\"Opera/Linux/Version\");\nif(!operaVer){\n exit(0);\n}\n\nif(version_is_less(version:operaVer, test_version:\"9.63\")){\n report = report_fixed_ver(installed_version:operaVer, fixed_version:\"9.63\");\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2017-07-02T21:10:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1251"], "description": "The host is installed with Opera and is prone to spoofing\n vulnerability", "modified": "2017-04-21T00:00:00", "published": "2012-06-12T00:00:00", "id": "OPENVAS:802435", "href": "http://plugins.openvas.org/nasl.php?oid=802435", "type": "openvas", "title": "Opera 'X.509' Certificates Spoofing Vulnerability (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_opera_x509_cert_spoofing_vuln_win.nasl 5999 2017-04-21 09:02:32Z teissa $\n#\n# Opera 'X.509' Certificates Spoofing Vulnerability (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to spoof servers and\n obtain sensitive information.\n Impact Level: Application\";\ntag_affected = \"Opera version prior to 9.63 on Windows\";\ntag_insight = \"The flaw is due to an error in handling of certificates, It does not properly\n verify 'X.509' certificates from SSL servers.\";\ntag_solution = \"Upgrade to Opera 9.63 or later,\n For updates refer to http://www.opera.com/\";\ntag_summary = \"The host is installed with Opera and is prone to spoofing\n vulnerability\";\n\nif(description)\n{\n script_id(802435);\n script_version(\"$Revision: 5999 $\");\n script_cve_id(\"CVE-2012-1251\");\n script_tag(name:\"cvss_base\", value:\"5.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-21 11:02:32 +0200 (Fri, 21 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-12 16:10:48 +0530 (Tue, 12 Jun 2012)\");\n script_name(\"Opera 'X.509' Certificates Spoofing Vulnerability (Windows)\");\n script_xref(name : \"URL\" , value : \"http://jvn.jp/en/jp/JVN39707339/index.html\");\n script_xref(name : \"URL\" , value : \"http://www.opera.com/docs/changelogs/windows/963/\");\n script_xref(name : \"URL\" , value : \"http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000049.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_opera_detection_win_900036.nasl\");\n script_require_keys(\"Opera/Win/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\noperaVer = \"\";\n\noperaVer = get_kb_item(\"Opera/Win/Version\");\nif(!operaVer){\n exit(0);\n}\n\n# Check for opera version is less than 9.63\nif(version_is_less(version:operaVer, test_version:\"9.63\")){\n security_message(0);\n}\n", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "jvn": [{"lastseen": "2019-05-29T17:21:46", "bulletinFamily": "info", "cvelist": ["CVE-2012-1251"], "description": "\n ## Description\n\nOpera is a web browser. Opera contains an issue where it fails to verify SSL server certificates.\n\n ## Impact\n\nThe user may unknowingly connect to a site that is using a certificate not authorized by a CA. As a result, the user may become a victim of phishing.\n\n ## Solution\n\n**Update the software** \nUpdate to the latest version according to the information provided by the developer.\n\n ## Products Affected\n\n * Opera versions prior to 9.63 \n\n", "edition": 4, "modified": "2012-05-30T00:00:00", "published": "2012-05-25T00:00:00", "id": "JVN:39707339", "href": "http://jvn.jp/en/jp/JVN39707339/index.html", "title": "JVN#39707339: Opera fails to verify SSL server certificates", "type": "jvn", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "nessus": [{"lastseen": "2021-04-01T04:55:37", "description": "The version of Opera installed on the remote host is earlier than 9.63\nand thus reportedly affected by several issues :\n\n - It may be possible to execute arbitrary code on the\n remote system by manipulating certain text-area \n contents. (920)\n\n - It may be possible to crash the remote browser using \n certain HTML constructs or inject code under certain \n conditions. (921)\n\n - It may be possible to trigger a buffer overflow, and\n potentially execute arbitrary code, by tricking an \n user to click on a URL that contains exceptionally \n long host names. (922)\n\n - While previewing news feeds, Opera does not correctly\n block certain scripted URLs. Such scripts, if not \n blocked, may be able to subscribe a user to other \n arbitrary feeds and view contents of the feeds to which\n the user is currently subscribed. (923)\n\n - By displaying content using XSLT as escaped strings, it \n may be possible for a website to inject scripted\n markup. (924)\n\n - SSL server certificates are not properly validated due\n to an unspecified error. (CVE-2012-1251)", "edition": 27, "published": "2008-12-16T00:00:00", "title": "Opera < 9.63 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-1251", "CVE-2008-5178"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:opera:opera_browser"], "id": "OPERA_963.NASL", "href": "https://www.tenable.com/plugins/nessus/35185", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35185);\n script_version(\"1.14\");\n\n script_cve_id(\"CVE-2008-5178\", \"CVE-2012-1251\");\n script_bugtraq_id(32323, 32864, 32891);\n\n script_name(english:\"Opera < 9.63 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version number of Opera\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host contains a web browser that is affected by several\nissues.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The version of Opera installed on the remote host is earlier than 9.63\nand thus reportedly affected by several issues :\n\n - It may be possible to execute arbitrary code on the\n remote system by manipulating certain text-area \n contents. (920)\n\n - It may be possible to crash the remote browser using \n certain HTML constructs or inject code under certain \n conditions. (921)\n\n - It may be possible to trigger a buffer overflow, and\n potentially execute arbitrary code, by tricking an \n user to click on a URL that contains exceptionally \n long host names. (922)\n\n - While previewing news feeds, Opera does not correctly\n block certain scripted URLs. Such scripts, if not \n blocked, may be able to subscribe a user to other \n arbitrary feeds and view contents of the feeds to which\n the user is currently subscribed. (923)\n\n - By displaying content using XSLT as escaped strings, it \n may be possible for a website to inject scripted\n markup. (924)\n\n - SSL server certificates are not properly validated due\n to an unspecified error. (CVE-2012-1251)\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://web.archive.org/web/20130225211806/http://www.opera.com/support/kb/view/920/\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://web.archive.org/web/20130225215248/http://www.opera.com/support/kb/view/921/\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://web.archive.org/web/20130225211810/http://www.opera.com/support/kb/view/922/\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://web.archive.org/web/20130225215251/http://www.opera.com/support/kb/view/923/\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://web.archive.org/web/20130225221045/http://www.opera.com/support/kb/view/924/\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://web.archive.org/web/20170812134941/http://www.opera.com:80/docs/changelogs/windows/963/\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://jvn.jp/en/jp/JVN39707339/index.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Opera 9.63 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'D2ExploitPack');\n script_cwe_id(119);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2008/12/16\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:opera:opera_browser\");\nscript_end_attributes();\n\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"opera_installed.nasl\");\n script_require_keys(\"SMB/Opera/Version\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\n\nversion_ui = get_kb_item(\"SMB/Opera/Version_UI\");\nversion = get_kb_item(\"SMB/Opera/Version\");\nif (isnull(version)) exit(0);\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (\n ver[0] < 9 ||\n (\n ver[0] == 9 &&\n (\n ver[1] < 63\n )\n )\n)\n{\n if (report_verbosity && version_ui)\n {\n report = string(\n \"\\n\",\n \"Opera \", version_ui, \" is currently installed on the remote host.\\n\"\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}