Opera < 9.60 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 4706

Synopsis

The remote host contains a web browser that is affected by several issues.

Description

The version of Opera installed on the remote host is earlier than 9.60 and is reportedly affected by several issues :
- Specially crafted URLs can cause Opera to crash or allow arbitrary code execution.
- Once a Java applet has been cached, a page that can predict the cache path for that applet can load it from cache thereby causing it to run in the security context of the local machine, allowing for reading of other files from the cache.

Solution

Upgrade to version 9.60 or higher.

See Also

http://www.opera.com/support/search/view/901

http://www.opera.com/support/search/view/902

http://www.opera.com/docs/changelogs/windows/960

Plugin Details

Severity: Medium

ID: 4706

Family: Web Clients

Published: 2008/10/08

Modified: 2018/09/16

Dependencies: 1735, 8314

Nessus ID: 34368

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSSv3

Base Score: 5.6

Temporal Score: 5.1

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:opera:opera_browser

Reference Information

CVE: CVE-2008-4694, CVE-2008-4695

BID: 31631, 31643