Detections
Analytics

FreeBSD : opera -- multiple vulnerabilities (a4a809d8-25c8-11e1-b531-00215c6a37bb) (BEAST)

critical Nessus Plugin ID 57294

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Opera software reports :

- Fixed a moderately severe issue; details will be disclosed at a later date

- Fixed an issue that could allow pages to set cookies or communicate cross-site for some top level domains; see our advisory

- Improved handling of certificate revocation corner cases

- Added a fix for a weakness in the SSL v3.0 and TLS 1.0 specifications, as reported by Thai Duong and Juliano Rizzo; see our advisory

- Fixed an issue where the JavaScript 'in' operator allowed leakage of cross-domain information, as reported by David Bloom; see our advisory

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?21e02e7d

http://www.nessus.org/u?ab850084

http://www.nessus.org/u?2a634c7c

http://www.nessus.org/u?7de99597

Plugin Details

Severity: Critical

ID: 57294

File Name: freebsd_pkg_a4a809d825c811e1b53100215c6a37bb.nasl

Version: 1.16

Type: local

Published: 12/14/2011

Updated: 12/5/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:linux-opera, p-cpe:/a:freebsd:freebsd:opera, p-cpe:/a:freebsd:freebsd:opera-devel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/13/2011

Vulnerability Publication Date: 12/6/2011

Reference Information

CVE: CVE-2011-3389, CVE-2011-4681, CVE-2011-4682, CVE-2011-4683