CVE-2008-4199

medium

Description

Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation."

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/44557

http://www.vupen.com/english/advisories/2008/2416

http://www.securityfocus.com/bid/30768

http://www.opera.com/support/search/view/896/

http://www.opera.com/docs/changelogs/windows/952/

http://www.opera.com/docs/changelogs/solaris/952/

http://www.opera.com/docs/changelogs/mac/952/

http://www.opera.com/docs/changelogs/linux/952/

http://www.opera.com/docs/changelogs/freebsd/952/

http://www.openwall.com/lists/oss-security/2008/09/24/4

http://www.openwall.com/lists/oss-security/2008/09/19/2

http://securitytracker.com/id?1020722

http://security.gentoo.org/glsa/glsa-200811-01.xml

http://secunia.com/advisories/32538

http://secunia.com/advisories/31549

http://bugs.gentoo.org/show_bug.cgi?id=235298

Details

Source: Mitre, NVD

Published: 2008-09-27

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.0068