Opera < 9.20 Multiple Vulnerabilities

This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is susceptible to
multiple issues.

Description :

The version of Opera installed on the remote host reportedly may allow
a remote attacker to bypass cross-site scripting filters because it
renders a web page without a defined charset with the charset of the
parent page.

In addition, its FTP implementation can be leveraged by remote
attackers to force the client to connect to arbitrary servers via FTP
PASV responses.

See also :

http://bindshell.net/papers/ftppasv
http://www.hardened-php.net/advisory_032007.142.html
http://www.opera.com/support/search/view/855/

Solution :

Upgrade to Opera version 9.20 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 25036 ()

Bugtraq ID: 22701
23089
41927

CVE ID: CVE-2007-1114
CVE-2007-1115
CVE-2007-1563

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now