CVE-2011-4681

MEDIUM

Description

Opera before 11.60 does not properly consider the number of . (dot) characters that conventionally exist in domain names of different top-level domains, which allows remote attackers to bypass the Same Origin Policy by leveraging access to a different domain name in the same top-level domain, as demonstrated by the .no or .uk domain.

References

http://www.opera.com/docs/changelogs/mac/1160/

http://www.opera.com/docs/changelogs/unix/1160/

http://www.opera.com/docs/changelogs/windows/1160/

http://www.opera.com/support/kb/view/1003/

Details

Source: MITRE

Published: 2011-12-07

Updated: 2012-03-06

Type: CWE-264

Risk Information

CVSS v2.0

Base Score: 5

Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:opera:opera_browser:5.0:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:5.0:beta2:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:5.0:beta3:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:5.0:beta4:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:5.0:beta5:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:5.0:beta6:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:5.0:beta7:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:5.0:beta8:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:5.02:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:5.10:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:5.11:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:5.12:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:6.0:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:6.0:beta1:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:6.0:beta2:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:6.0:tp1:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:6.0:tp2:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:6.0:tp3:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:6.01:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:6.1:beta1:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:6.02:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:6.03:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:6.04:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:6.05:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:6.06:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:6.11:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:6.12:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:7.0:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:7.0:beta1:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:7.0:beta1_v2:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:7.0:beta2:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:7.01:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:7.02:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:7.03:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:7.10:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:7.10:beta1:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:7.11:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:7.11:beta2:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:7.20:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:7.20:beta7:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:7.21:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:7.22:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:7.23:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:7.50:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:7.50:beta1:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:7.51:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:7.52:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:7.53:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:7.54:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:7.54:update1:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:7.54:update2:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:7.60:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:8.0:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:8.0:beta1:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:8.0:beta2:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:8.0:beta3:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:8.01:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:8.02:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:8.50:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:8.51:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:8.52:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:8.53:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:8.54:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:9.0:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:9.0:beta1:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:9.0:beta2:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:9.01:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:9.02:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:9.10:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:9.12:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:9.20:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:9.20:beta1:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:9.21:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:9.22:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:9.23:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:9.24:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:9.25:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:9.26:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:9.27:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:9.50:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:9.50:beta1:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:9.50:beta2:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:9.51:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:9.52:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:9.60:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:9.60:beta1:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:9.61:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:9.62:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:9.63:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:9.64:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:10.00:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:10.00:beta1:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:10.00:beta2:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:10.00:beta3:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:10.01:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:10.10:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:10.10:beta1:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:10.50:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:10.50:beta1:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:10.50:beta2:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:10.51:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:10.52:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:10.53:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:10.53:b:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:10.54:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:10.60:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:10.60:beta1:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:10.61:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:10.62:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:10.63:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:11.00:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:11.00:alpha:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:11.00:beta:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:11.01:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:11.10:alpha:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:11.10:beta:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:11.50:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:11.50:alpha:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:11.50:beta:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:11.51:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:11.52:*:*:*:*:*:*:*

cpe:2.3:a:opera:opera_browser:*:beta:*:*:*:*:*:* versions up to 11.60 (inclusive)

Tenable Plugins

View all (8 total)

ID	Name	Product	Family	Severity
75986	openSUSE Security Update : opera (openSUSE-SU-2011:1314-1)	Nessus	SuSE Local Security Checks	critical
75699	openSUSE Security Update : opera (openSUSE-SU-2011:1314-1)	Nessus	SuSE Local Security Checks	critical
74533	openSUSE Security Update : opera (openSUSE-2011-76)	Nessus	SuSE Local Security Checks	critical
59631	GLSA-201206-03 : Opera: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
57294	FreeBSD : opera -- multiple vulnerabilities (a4a809d8-25c8-11e1-b531-00215c6a37bb) (BEAST)	Nessus	FreeBSD Local Security Checks	critical
800845	Opera < 11.60 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
57039	Opera < 11.60 Multiple Vulnerabilities (BEAST)	Nessus	Windows	high
6105	Opera < 11.60 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high