Summary
This host has Opera browser installed and is prone to Web Script Execution vulnerabilities.
Impact
Successful exploitation will allow attacker to execute arbitrary web script and spoof an arbitrary https site by letting the browser obtain a valid certificate.
Impact Level: Application
Impact Level: Application
Solution
Upgarde to Opera Version 10 or later,
For updates refer to http://www.opera.com/download/
Insight
- Error in processing a '3xx' HTTP CONNECT response before a successful SSL handshake, which can be exploited by modifying the CONNECT response to specify a 302 redirect to an arbitrary https web site.
- Error exists while the HTTP Host header to determine the context of a document provided in a '4xx' or '5xx' CONNECT response from a proxy server, which can be exploited by modifying this CONNECT response, aka an 'SSL tampering' attack.
- Displays a cached certificate for a '4xx' or '5xx' CONNECT response page returned by a proxy server, which can be exploited by sending the browser a crafted 502 response page upon a subsequent request.
- Detects http content in https web pages only when the top-level frame uses https. This can be exploited by modifying an http page to include an https iframe that references a script file on an http site, related to 'HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.'
Affected
Opera version prior to 9.25 on Linux.
References
Severity
Classification
-
CVSS Base Score: 5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe LiveCycle Designer Untrusted Search Path Vulnerability (Windows)
- Apple Safari 'Webkit' Information Disclosure Vulnerability (Win)
- Apple Safari 'Webkit' Information Disclosure Vulnerability (Mac OS X)
- Apple Safari libxml Denial of Service Vulnerability
- Apple Safari Web Script Execution Vulnerabilites - June09