CVSS: 5.0EPSS: 0%CPEs: 114EXPL: 0CVE-2009-3044
https://notcve.org/view.php?id=CVE-2009-3044
Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Opera anterior v10.00 no maneja apropiadamente (1) caracter '\0' o (2)el carácter comodín invalido en el nombre de dominio en el campo Common Name (CN) de un certificado X.509, lo cual permite a atacantes hombre-en-el-medio (man-in-the-middle) suplantar servidores SSL a su elección a través de certificados manipulados expedidos por una Autoridad de Certificación legítima. • http://www.opera.com/docs/changelogs/freebsd/1000 http://www.opera.com/docs/changelogs/linux/1000 http://www.opera.com/docs/changelogs/mac/1000 http://www.opera.com/docs/changelogs/solaris/1000 http://www.opera.com/docs/changelogs/windows/1000 http://www.opera.com/support/kb/view/934 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6444 • CWE-310: Cryptographic Issues •
CVSS: 5.0EPSS: 0%CPEs: 25EXPL: 0CVE-2009-3045
https://notcve.org/view.php?id=CVE-2009-3045
Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted server certificate. opera anterior a v10.00 confía en los certificados raíz X.509 firmados con el algoritmo MD2, lo que facilita a atacantes hombre-en-el-medio (Man-in-the-middle) suplantar cualquier servidor SSL a través de un certificado de servidor manipulado. • http://www.opera.com/docs/changelogs/freebsd/1000 http://www.opera.com/docs/changelogs/linux/1000 http://www.opera.com/docs/changelogs/mac/1000 http://www.opera.com/docs/changelogs/solaris/1000 http://www.opera.com/docs/changelogs/windows/1000 http://www.opera.com/support/kb/view/933 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6442 • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2009-3046
https://notcve.org/view.php?id=CVE-2009-3046
Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked certificate. Opera anterior v10.00 no chequea todos los certificados X.509 de revocación, lo que hace que los servidores remotos SSL superen fácilemente la validación del certificado a través de certificados revocados. • http://www.opera.com/docs/changelogs/freebsd/1000 http://www.opera.com/docs/changelogs/linux/1000 http://www.opera.com/docs/changelogs/mac/1000 http://www.opera.com/docs/changelogs/solaris/1000 http://www.opera.com/docs/changelogs/windows/1000 http://www.opera.com/support/kb/view/929 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6357 • CWE-295: Improper Certificate Validation •
CVSS: 4.3EPSS: 0%CPEs: 25EXPL: 0CVE-2009-3047
https://notcve.org/view.php?id=CVE-2009-3047
Opera before 10.00, when a collapsed address bar is used, does not properly update the domain name from the previously visited site to the currently visited site, which might allow remote attackers to spoof URLs. Opera anterior a v10.00, cuando se usa una dirección colapsada en la barra, no actualiza adecuadamente el nombre de dominio del sitio web previo al sitio web actual, lo que podría permitir a atacantes remotos suplantar URLs. • http://www.opera.com/docs/changelogs/freebsd/1000 http://www.opera.com/docs/changelogs/linux/1000 http://www.opera.com/docs/changelogs/mac/1000 http://www.opera.com/docs/changelogs/solaris/1000 http://www.opera.com/docs/changelogs/windows/1000 http://www.opera.com/support/kb/view/930 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6460 •
CVSS: 4.3EPSS: 0%CPEs: 123EXPL: 0CVE-2009-3048
https://notcve.org/view.php?id=CVE-2009-3048
Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file." Opera anterior a la v10.00 sobre Linux, SOlaris y FreeBSD no implementa adecuadamente la funcionalidad "INPUT TYPE=file", lo que permite a atacantes remotos engañar al usuario para que suba un archivo a través de vectores que involucran un "archivo para descargar" (dropped file). • http://www.opera.com/docs/changelogs/freebsd/1000 http://www.opera.com/docs/changelogs/linux/1000 http://www.opera.com/docs/changelogs/solaris/1000 http://www.opera.com/support/kb/view/931 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5679 • CWE-20: Improper Input Validation •