Design/Logic Flaw

2009-06-1519:30:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

50.3%

JSON

Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site’s context, by modifying an http page to include an https iframe that references a script file on an http site, related to “HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.”

CPENameOperatorVersion
opera_browsereq7.23
opera_browsereq9.02
opera_browsereq7.53
opera_browsereq8.50
opera_browsereq8.53
opera_browsereq9.12
opera_browsereq8.0
opera_browserle9.22
opera_browsereq8.54
opera_browsereq8.02

Name	Operator	Version
opera_browser	eq	7.23
opera_browser	eq	9.02
opera_browser	eq	7.53
opera_browser	eq	8.50
opera_browser	eq	8.53
opera_browser	eq	9.12
opera_browser	eq	8.0
opera_browser	le	9.22
opera_browser	eq	8.54
opera_browser	eq	8.02