Summary
The host is installed with Opera Web Browser and is prone to Cross-Site Scripting Vulnerability.
Impact
Successful remote attack could execute arbitrary script code in the context of the user running the application and to steal cookie-based authentication credentials and other sensitive data that may aid in further attacks.
Impact Level: Application
Solution
Upgrade to Opera version 9.64 or later.
For updates refer to http://www.opera.com/download/
Insight
Flaw is due to error in Refresh headers in HTTP responses. It does not block javascript: URIs, while injecting a Refresh header or specifying the content of a Refresh header
Affected
Opera version 9.52 and prior on Windows.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2009-2351 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Tomcat Multiple Vulnerabilities-01 (Nov14)
- Adobe Products Unspecified Cross-Site Scripting Vulnerability June-2011 (Windows)
- Apple Safari 'SRC' Remote Denial Of Service Vulnerability
- Adobe Digital Edition Information Disclosure Vulnerability (Mac OS X)
- Brother HL-5370DW Printer 'post/panel.html' Security Bypass Vulnerability