CVE-2011-0684

MEDIUM

Description

Opera before 11.01 does not properly handle redirections and unspecified other HTTP responses, which allows remote web servers to obtain sufficient access to local files to use these files as page resources, and consequently obtain potentially sensitive information from the contents of the files, via an unknown response manipulation.

References

http://osvdb.org/70730

http://secunia.com/advisories/43023

http://www.opera.com/docs/changelogs/mac/1101/

http://www.opera.com/docs/changelogs/unix/1101/

http://www.opera.com/docs/changelogs/windows/1101/

http://www.opera.com/support/kb/view/984/

http://www.securityfocus.com/bid/46036

http://www.vupen.com/english/advisories/2011/0231

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12296

Details

Source: MITRE

Published: 2011-01-31

Updated: 2017-09-19

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 5

Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM