| VID |
28791 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
A version of Opera web browser which is older than version 10.0 has been installed on the host. Opera is a Web browser, developed by Opera Software, for multiple operating systems. Opera versions prior to 10.0 are vulnerable to multiple vulnerabilities.
- The collapsed Address bar can in some cases temporarily show the previous domain of the present site. (930)
- Certificates which use a wild card immediately before the top level domain, or nulls in the domain name, may pass validation checks in Opera. Sites using such certificates may then incorrectly be presented as secure. (934)
- Some Unicode characters are treated incorrectly which might cause international domain names that use them to be shown in the wrong format. Showing these addresses in Unicode instead of punycode could allow for limited address spoofing. (932)
- Opera does not check the revocation status for intermediate certificates not served by the server. If the intermediate is revoked, this might not impact the security rating in Opera, and the site might be shown as secure. (929)
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.opera.com/support/kb/view/929/
http://www.opera.com/support/kb/view/930/
http://www.opera.com/support/kb/view/932/
http://www.opera.com/support/kb/view/934/
* Platforms Affected:
Opera Software, Opera versions prior to 10.0 |
| Recommendation |
Upgrade to the latest version of Opera (10.0 or later), available from the Opera Web site at http://www.opera.com/download/ |
| Related URL |
(CVE) |
| Related URL |
36202 (SecurityFocus) |
| Related URL |
(ISS) |
|
