Opera < 12.17 opera_autoupdate.exe MITM Vulnerability

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser component that is affected by a
man-in-the-middle vulnerability.

Description :

The version of Opera installed on the remote host is prior to version
12.17, and thus includes an automatic update-checking component,
'opera_autoupdate.exe', that is vulnerable to man-in-the- middle
attacks because it does not properly verify server certificates.

See also :

http://www.opera.com/docs/changelogs/windows/1217/
http://blogs.opera.com/security/2014/04/heartbleed-heartaches/

Solution :

Upgrade to Opera 12.17 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: Windows

Nessus Plugin ID: 73764 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now