English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.900368
Kategorie:General
Titel:Opera Web Script Execution Vulnerabilities - June09 (Linux)
Zusammenfassung:This host has Opera browser installed and is prone to Web Script; Execution vulnerabilities.
Beschreibung:Summary:
This host has Opera browser installed and is prone to Web Script
Execution vulnerabilities.

Vulnerability Insight:
- Error in processing a '3xx' HTTP CONNECT response before a successful SSL
handshake, which can be exploited by modifying the CONNECT response
to specify a 302 redirect to an arbitrary https web site.

- Error exists while the HTTP Host header to determine the context of a
document provided in a '4xx' or '5xx' CONNECT response from a proxy server,
which can be exploited by modifying this CONNECT response, aka an
'SSL tampering' attack.

- Displays a cached certificate for a '4xx' or '5xx' CONNECT response page
returned by a proxy server, which can be exploited by sending the browser a
crafted 502 response page upon a subsequent request.

- Detects http content in https web pages only when the top-level frame uses
https. This can be exploited by modifying an http page to include an https
iframe that references a script file on an http site, related to
'HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.'

Vulnerability Impact:
Successful exploitation will allow attacker to execute arbitrary web script
and spoof an arbitrary https site by letting the browser obtain a valid certificate.

Affected Software/OS:
Opera version prior to 9.25 on Linux.

Solution:
Upgrade to Opera Version 10 or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2009-2063
BugTraq ID: 35412
http://www.securityfocus.com/bid/35412
http://research.microsoft.com/apps/pubs/default.aspx?id=79323
http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf
XForce ISS Database: opera-httpconnect-code-execution(51204)
https://exchange.xforce.ibmcloud.com/vulnerabilities/51204
Common Vulnerability Exposure (CVE) ID: CVE-2009-2059
Common Vulnerability Exposure (CVE) ID: CVE-2009-2070
BugTraq ID: 35411
http://www.securityfocus.com/bid/35411
Common Vulnerability Exposure (CVE) ID: CVE-2009-2067
BugTraq ID: 35403
http://www.securityfocus.com/bid/35403
CopyrightCopyright (C) 2009 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.