Opera < 9.60 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 4706

Synopsis

The remote host contains a web browser that is affected by several issues.

Description

The version of Opera installed on the remote host is earlier than 9.60 and is reportedly affected by several issues :
- Specially crafted URLs can cause Opera to crash or allow arbitrary code execution.
- Once a Java applet has been cached, a page that can predict the cache path for that applet can load it from cache thereby causing it to run in the security context of the local machine, allowing for reading of other files from the cache.

Solution

Upgrade to version 9.60 or higher.

See Also

http://www.opera.com/support/search/view/901

http://www.opera.com/support/search/view/902

http://www.opera.com/docs/changelogs/windows/960

Plugin Details

Severity: Medium

ID: 4706

Family: Web Clients

Published: 10/8/2008

Updated: 3/6/2019

Nessus ID: 34368

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:opera:opera_browser

Reference Information

CVE: CVE-2008-4694, CVE-2008-4695

BID: 31631, 31643