Summary
Opera Web Browser is installed on this host and is prone to multiple URL spoofing vulnerabilities.
Impact
Successful exploitation allows attackers to conduct URL spoofing and can lead to a security bypass on the victim's system.
Impact Level: Application
Solution
Upgrade to Opera version 10.00
http://www.opera.com/browser/download/
Insight
- Opera fails to handle a '\0' character or invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate.
- Opera trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted server certificate.
- Opera fails to check all intermediate X.509 certificates for revocation.
- When a collapsed address bar is used, Opera does not properly update the domain name from the previously visited site to the currently visited site.
- Opera fails to display all characters in Internationalized Domain Names (IDN) in the address bar.
Affected
Opera versions prior to 10.00 on Linux.
Severity
Classification
CVE: CVE-2009-3044, CVE-2009-3045, CVE-2009-3046, CVE-2009-3047, CVE-2009-3048, CVE-2009-3049
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N