Opera < 10.0 Multiple Vulnerabilities

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
issues.

Description :

The version of Opera installed on the remote host is earlier than
10.0 and thus reportedly affected by multiple issues :

- Opera does not check the revocation status for
intermediate certificates not served by the server. If
the intermediate is revoked, this might not impact the
security rating in Opera, and the site might be shown as
secure. (929)

- The collapsed Address bar can in some cases temporarily
show the previous domain of the present site. (930)

- Some Unicode characters are treated incorrectly which
might cause international domain names that use them to
be shown in the wrong format. Showing these addresses in
Unicode instead of punycode could allow for limited
address spoofing. (932)

- The application trusts root X.509 certificates signed
with the MD2 algorithm. (933)

- Certificates which use a wild card immediately before
the top level domain, or nulls in the domain name, may
pass validation checks in Opera. Sites using such
certificates may then incorrectly be presented as
secure. (934)

See also :

http://www.opera.com/support/kb/view/929/
http://www.opera.com/support/kb/view/930/
http://www.opera.com/support/kb/view/932/
http://www.opera.com/support/kb/view/933/
http://www.opera.com/support/kb/view/934/

Solution :

Upgrade to Opera 10.0 or later.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 4.8
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 40827 ()

Bugtraq ID: 36202

CVE ID: CVE-2009-3044
CVE-2009-3045
CVE-2009-3046
CVE-2009-3047
CVE-2009-3049

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now