Detections
Analytics
Opera < 11.51 Multiple Vulnerabilities (BEAST)
medium Nessus Plugin ID 56042
Language:
Synopsis
The remote host contains a web browser that is affected by multiple vulnerabilities.Description
The version of Opera installed on the remote Windows host is prior to 11.51. It is, therefore, affected by multiple vulnerabilities :- An unspecified error can allow an insecure or malicious site to cause the browser to display security information belonging to another, secure site in the address bar. This causes the insecure or malicious site to appear to be part of, or secured by, a third-party site. (CVE-2011-3388)
- An information disclosure vulnerability, known as BEAST, exists in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the way the initialization vector (IV) is selected when operating in cipher-block chaining (CBC) modes. A man-in-the-middle attacker can exploit this to obtain plaintext HTTP header data, by using a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API. (CVE-2011-3389)
Solution
Upgrade to Opera 11.51 or later.See Also
http://www.nessus.org/u?f5eae156
http://www.nessus.org/u?58b7f4ac
https://www.imperialviolet.org/2011/09/23/chromeandbeast.html
Plugin Details
Severity: Medium
ID: 56042
File Name: opera_1151.nasl
Version: 1.22
Type: Local
Agent: windows
Family: Windows
Published: 9/1/2011
Updated: 5/27/2026
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.1
CVSS v2
Risk Factor: Medium
Base Score: 5.8
Temporal Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS Score Source: CVE-2011-3389
Vulnerability Information
CPE: cpe:/a:opera:opera_browser
Required KB Items: installed_sw/Opera
Exploit Ease: No known exploits are available
Patch Publication Date: 8/31/2011
Vulnerability Publication Date: 8/31/2011
Reference Information
CVE: CVE-2011-3388, CVE-2011-3389
CERT: 864643