Executive Summary

Information
Name: CVE-2009-2540
First vendor Publication: 2009-07-20
Vendor: Cve
Last vendor Modification: 2018-10-30

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Cvss Base Score: 4.3
Attack Range: Network
Cvss Impact Score: 2.9
Attack Complexity: Medium
Cvss Exploit Score: 8.6
Authentication: None Required

Detail

Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2540

CAPEC : Common Attack Pattern Enumeration & Classification

id | Name
CAPEC-2 | Inducing Account Lockout
CAPEC-82 | Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi...
CAPEC-99 | XML Parser Attack
CAPEC-119 | Resource Depletion
CAPEC-121 | Locate and Exploit Test APIs
CAPEC-125 | Resource Depletion through Flooding
CAPEC-130 | Resource Depletion through Allocation
CAPEC-147 | XML Ping of Death
CAPEC-197 | XEE (XML Entity Expansion)
CAPEC-227 | Denial of Service through Resource Depletion
CAPEC-228 | Resource Depletion through DTD Injection in a SOAP Message
CAPEC-229 | XML Attribute Blowup

CWE : Common Weakness Enumeration

% | id | Name
100 % | CWE-399 | Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5957
 
Oval ID: oval:org.mitre.oval:def:5957
Title: Opera integer value denial of service
Description: Opera, possibly 9.64 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
Family: windows
Class: vulnerability
Reference(s): CVE-2009-2540
Version: 7
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Product(s): Opera Browser
Definition Synopsis:

CPE : Common Platform Enumeration

Type | Description | Count
Application | | 119

OpenVAS Exploits

Date | Description
2012-04-19 | Name : Opera Web Browser Select Object Denial Of Service Vulnerability (Mac OS X)
File : nvt/gb_opera_select_dos_vuln_macosx.nasl
2009-07-22 | Name : Opera Web Browser Select Object Denial Of Service Vulnerability (Linux)
File : nvt/gb_opera_select_dos_vuln_lin.nasl
2009-07-22 | Name : Opera Web Browser Select Object Denial Of Service Vulnerability (Win)
File : nvt/gb_opera_select_dos_vuln_win.nasl

Open Source Vulnerability Database (OSVDB)

id | Description
56258 | Opera Select Object Length Property Handling Memory Consumption DoS

Sources (Detail)

Source | Url
BUGTRAQ | http://www.securityfocus.com/archive/1/504969/100/0/threaded
BUGTRAQ | http://www.securityfocus.com/archive/1/504988/100/0/threaded
BUGTRAQ | http://www.securityfocus.com/archive/1/504989/100/0/threaded
BUGTRAQ | http://www.securityfocus.com/archive/1/505006/100/0/threaded
EXPLOIT-DB | http://www.exploit-db.com/exploits/9160
MISC | http://www.g-sec.lu/one-bug-to-rule-them-all.html
XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/52874

Alert History

Date | Information
2018-10-31 00:19:57
  • Multiple Updates
2018-10-11 00:19:39
  • Multiple Updates
2017-09-19 09:23:18
  • Multiple Updates
2017-08-17 09:22:39
  • Multiple Updates
2016-06-28 17:46:23
  • Multiple Updates
2016-04-26 18:59:06
  • Multiple Updates
2013-05-10 23:54:18
  • Multiple Updates