Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.0.900368 |
Kategorie: | General |
Titel: | Opera Web Script Execution Vulnerabilities - June09 (Linux) |
Zusammenfassung: | This host has Opera browser installed and is prone to Web Script; Execution vulnerabilities. |
Beschreibung: | Summary: This host has Opera browser installed and is prone to Web Script Execution vulnerabilities. Vulnerability Insight: - Error in processing a '3xx' HTTP CONNECT response before a successful SSL handshake, which can be exploited by modifying the CONNECT response to specify a 302 redirect to an arbitrary https web site. - Error exists while the HTTP Host header to determine the context of a document provided in a '4xx' or '5xx' CONNECT response from a proxy server, which can be exploited by modifying this CONNECT response, aka an 'SSL tampering' attack. - Displays a cached certificate for a '4xx' or '5xx' CONNECT response page returned by a proxy server, which can be exploited by sending the browser a crafted 502 response page upon a subsequent request. - Detects http content in https web pages only when the top-level frame uses https. This can be exploited by modifying an http page to include an https iframe that references a script file on an http site, related to 'HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.' Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary web script and spoof an arbitrary https site by letting the browser obtain a valid certificate. Affected Software/OS: Opera version prior to 9.25 on Linux. Solution: Upgrade to Opera Version 10 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-2063 BugTraq ID: 35412 http://www.securityfocus.com/bid/35412 http://research.microsoft.com/apps/pubs/default.aspx?id=79323 http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf XForce ISS Database: opera-httpconnect-code-execution(51204) https://exchange.xforce.ibmcloud.com/vulnerabilities/51204 Common Vulnerability Exposure (CVE) ID: CVE-2009-2059 Common Vulnerability Exposure (CVE) ID: CVE-2009-2070 BugTraq ID: 35411 http://www.securityfocus.com/bid/35411 Common Vulnerability Exposure (CVE) ID: CVE-2009-2067 BugTraq ID: 35403 http://www.securityfocus.com/bid/35403 |
Copyright | Copyright (C) 2009 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |