Opera < 12.13 Multiple Vulnerabilities

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description :

The version of Opera installed on the remote host is earlier than 12.13
and is, therefore, reportedly affected by the following
vulnerabilities :

- An error exists related to DOM manipulation that could
lead to application crashes or arbitrary code
execution. (1042)

- A use-after-free error exists related to SVG 'clipPaths'
that could lead to memory corruption or arbitrary code
execution. (1043)

- An error exists related to the TLS protocol, CBC mode
encryption and response time. An attacker could obtain
plaintext contents of encrypted traffic via timing
attacks. (1044)

- The application could fail to make the proper 'pre-
flight' Cross-Origin Resource Sharing (CORS) requests.
In some situations this error could aid an attacker in
cross-site request forgery (CSRF) attacks. (1045)

- An unspecified, low severity issue exists that has an
unspecified impact.

See also :

http://www.opera.com/support/kb/view/1042/
http://www.opera.com/support/kb/view/1043/
http://www.opera.com/support/kb/view/1044/
http://www.opera.com/support/kb/view/1045/
http://www.opera.com/docs/changelogs/unified/1213/
http://www.nessus.org/u?37c158d3
http://www.isg.rhul.ac.uk/tls/

Solution :

Upgrade to Opera 12.13 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.8
(CVSS2#E:F/RL:ND/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 64363 ()

Bugtraq ID: 57633
57773

CVE ID: CVE-2013-1618
CVE-2013-1637
CVE-2013-1638
CVE-2013-1639

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now