Executive Summary
Summary | |
---|---|
Title | Opera: Multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | GLSA-201209-11 | First vendor Publication | 2012-09-25 |
Vendor | Gentoo | Last vendor Modification | 2012-09-25 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis Multiple vulnerabilities have been found in Opera, the worst of which may allow remote execution of arbitrary code. Background Description Impact Workaround Resolution References Availability http://security.gentoo.org/glsa/glsa-201209-11.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201209-11.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
25 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
25 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:19026 | |||
Oval ID: | oval:org.mitre.oval:def:19026 | ||
Title: | Vulnerability has unknown impact and attack vectors, related to a "low severity issue in Opera before 12.01 | ||
Description: | Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, has unknown impact and attack vectors, related to a "low severity issue." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-4145 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Opera Browser |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19099 | |||
Oval ID: | oval:org.mitre.oval:def:19099 | ||
Title: | Vulnerability which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms in Opera before 12.01 | ||
Description: | Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, does not properly escape characters in DOM elements, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted HTML document. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-4144 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Opera Browser |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19822 | |||
Oval ID: | oval:org.mitre.oval:def:19822 | ||
Title: | Vulnerability makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks in Opera before 12.01 | ||
Description: | Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-4142 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Opera Browser |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19872 | |||
Oval ID: | oval:org.mitre.oval:def:19872 | ||
Title: | Vulnerability allows user-assisted remote attackers to trick users into downloading and executing arbitrary files in Opera before 12.01 | ||
Description: | Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog, a different vulnerability than CVE-2012-1924. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-4143 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Opera Browser |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19880 | |||
Oval ID: | oval:org.mitre.oval:def:19880 | ||
Title: | Vulnerability allows remote attackers to cause a denial of service (application crash) in Opera before 11.67 and 12.x before 12.01 | ||
Description: | Opera before 12.01 allows remote attackers to cause a denial of service (application crash) via a crafted web site, as demonstrated by the Lenovo "Shop now" page. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-4146 | Version: | 4 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Opera Browser |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-09-26 | Name : Gentoo Security Advisory GLSA 201209-11 (opera) File : nvt/glsa_201209_11.nasl |
2012-09-03 | Name : Opera Address Bar Spoofing Vulnerability (Windows) File : nvt/gb_opera_address_bar_spoofing_vuln_win.nasl |
2012-08-08 | Name : Opera Multiple Vulnerabilities - August12 (Linux) File : nvt/gb_opera_mult_vuln_aug12_lin.nasl |
2012-08-08 | Name : Opera Multiple Vulnerabilities - August12 (Mac OS X) File : nvt/gb_opera_mult_vuln_aug12_macosx.nasl |
2012-08-08 | Name : Opera Multiple Vulnerabilities - August12 (Windows) File : nvt/gb_opera_mult_vuln_aug12_win.nasl |
2012-08-08 | Name : Opera Multiple Vulnerabilities - August12 (Mac OS X) File : nvt/gb_opera_show_page_dos_vuln_macosx.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-09-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201209-11.nasl - Type : ACT_GATHER_INFO |
2012-08-03 | Name : The remote host contains a web browser that is affected by multiple issues. File : opera_1201.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:37:34 |
|