Opera < 11.60 Multiple Vulnerabilities
High Log Correlation Engine Plugin ID 800845
SynopsisThe remote host has a web browser installed that is vulnerable to multiple attack vectors.
DescriptionThe remote host is running the Opera web browser.
Versions of Opera earlier than 11.60 are potentially affected by multiple vulnerabilities :
- Top level domain separation rules are not honored for two-letter top level domains, e.g., .us or .uk and some three-letter top-level domains. This error can allow sites to set the scripting context to the top level domain. Further, this can allow sites to set and read cookies from other sites whose scripting context is set to the same top level domain. (Issue 1003)
- An error exists in the SSLv3 and TLSv1.3 specification that can allow the BEAST attack. (Issue 1004)
- An unspecified, moderately sever issue exists. Details are to be disclosed by the vendor at a later date.
IAVB Reference : 2012-B-0006
STIG Finding Severity : Category I
SolutionUpgrade to Opera 11.60 or later.