Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2005-1139

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-16 Apr, 2005 | 04:00
Updated At-07 Aug, 2024 | 21:35
Rejected At-
Credits

Opera 8 Beta 3, when using first-generation vetted digital certificates, displays the Organizational information of an SSL certificate, which is easily spoofed and can facilitate phishing attacks.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:16 Apr, 2005 | 04:00
Updated At:07 Aug, 2024 | 21:35
Rejected At:
▼CVE Numbering Authority (CNA)

Opera 8 Beta 3, when using first-generation vetted digital certificates, displays the Organizational information of an SSL certificate, which is easily spoofed and can facilitate phishing attacks.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.novell.com/linux/security/advisories/2005_31_opera.html
vendor-advisory
x_refsource_SUSE
http://www.geotrust.com/resources/advisory/sslorg/sslorg-advisory.htm
x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/40503
vdb-entry
x_refsource_XF
http://www.geotrust.com/resources/advisory/sslorg/index.htm
x_refsource_MISC
http://www.securityfocus.com/bid/13176
vdb-entry
x_refsource_BID
Hyperlink: http://www.novell.com/linux/security/advisories/2005_31_opera.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.geotrust.com/resources/advisory/sslorg/sslorg-advisory.htm
Resource:
x_refsource_MISC
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/40503
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.geotrust.com/resources/advisory/sslorg/index.htm
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/bid/13176
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.novell.com/linux/security/advisories/2005_31_opera.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.geotrust.com/resources/advisory/sslorg/sslorg-advisory.htm
x_refsource_MISC
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/40503
vdb-entry
x_refsource_XF
x_transferred
http://www.geotrust.com/resources/advisory/sslorg/index.htm
x_refsource_MISC
x_transferred
http://www.securityfocus.com/bid/13176
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.novell.com/linux/security/advisories/2005_31_opera.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.geotrust.com/resources/advisory/sslorg/sslorg-advisory.htm
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/40503
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.geotrust.com/resources/advisory/sslorg/index.htm
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/13176
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:14 Apr, 2005 | 04:00
Updated At:03 Apr, 2025 | 01:03

Opera 8 Beta 3, when using first-generation vetted digital certificates, displays the Organizational information of an SSL certificate, which is easily spoofed and can facilitate phishing attacks.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Opera
opera
>>opera_browser>>8.0
cpe:2.3:a:opera:opera_browser:8.0:beta3:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.geotrust.com/resources/advisory/sslorg/index.htmcve@mitre.org
Broken Link
Exploit
Vendor Advisory
http://www.geotrust.com/resources/advisory/sslorg/sslorg-advisory.htmcve@mitre.org
Broken Link
Patch
Vendor Advisory
http://www.novell.com/linux/security/advisories/2005_31_opera.htmlcve@mitre.org
Broken Link
http://www.securityfocus.com/bid/13176cve@mitre.org
Broken Link
Third Party Advisory
VDB Entry
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/40503cve@mitre.org
Third Party Advisory
VDB Entry
http://www.geotrust.com/resources/advisory/sslorg/index.htmaf854a3a-2127-422b-91ae-364da2661108
Broken Link
Exploit
Vendor Advisory
http://www.geotrust.com/resources/advisory/sslorg/sslorg-advisory.htmaf854a3a-2127-422b-91ae-364da2661108
Broken Link
Patch
Vendor Advisory
http://www.novell.com/linux/security/advisories/2005_31_opera.htmlaf854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.securityfocus.com/bid/13176af854a3a-2127-422b-91ae-364da2661108
Broken Link
Third Party Advisory
VDB Entry
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/40503af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
Hyperlink: http://www.geotrust.com/resources/advisory/sslorg/index.htm
Source: cve@mitre.org
Resource:
Broken Link
Exploit
Vendor Advisory
Hyperlink: http://www.geotrust.com/resources/advisory/sslorg/sslorg-advisory.htm
Source: cve@mitre.org
Resource:
Broken Link
Patch
Vendor Advisory
Hyperlink: http://www.novell.com/linux/security/advisories/2005_31_opera.html
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.securityfocus.com/bid/13176
Source: cve@mitre.org
Resource:
Broken Link
Third Party Advisory
VDB Entry
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/40503
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.geotrust.com/resources/advisory/sslorg/index.htm
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Exploit
Vendor Advisory
Hyperlink: http://www.geotrust.com/resources/advisory/sslorg/sslorg-advisory.htm
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Patch
Vendor Advisory
Hyperlink: http://www.novell.com/linux/security/advisories/2005_31_opera.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Hyperlink: http://www.securityfocus.com/bid/13176
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Broken Link
Third Party Advisory
VDB Entry
Vendor Advisory
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/40503
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

12Records found
CVE-2006-3198
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.59% / 92.56%
||
7 Day CHG~0.00%
Published-23 Jun, 2006 | 20:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Opera 8.54 and earlier allows remote attackers to execute arbitrary code via a JPEG image with large height and width values, which causes less memory to be allocated than intended.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2004-1157
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.67% / 70.46%
||
7 Day CHG~0.00%
Published-10 Dec, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2005-3750
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.62% / 91.48%
||
7 Day CHG~0.00%
Published-22 Nov, 2005 | 19:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera before 8.51 on Linux and Unix systems allows remote attackers to execute arbitrary code via shell metacharacters (backticks) in a URL that another product provides in a command line argument when launching Opera.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2005-1475
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.38% / 58.61%
||
7 Day CHG~0.00%
Published-16 Jun, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains via a redirect.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2004-0717
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.62% / 69.01%
||
7 Day CHG~0.00%
Published-23 Jul, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncOperaMicrosoft Corporation
Product-opera_browserlinux_kernelwindowsn/a
CVE-2003-1387
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.98% / 92.74%
||
7 Day CHG~0.00%
Published-19 Oct, 2007 | 10:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, allows remote attackers to execute arbitrary code via a URL with a long username.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2003-0870
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.66% / 93.40%
||
7 Day CHG~0.00%
Published-21 Oct, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote attackers to execute arbitrary code via an HREF with a large number of escaped characters in the server name.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2003-0593
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.66%
||
7 Day CHG~0.00%
Published-16 Mar, 2004 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-18624
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.20% / 42.62%
||
7 Day CHG~0.00%
Published-29 Oct, 2019 | 17:12
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of malicious%E2%80%AEtxt.apk as maliciouskpa.txt. This affects 44.1.2254.142553, 44.1.2254.142659, and 44.1.2254.143214.

Action-Not Available
Vendor-n/aOpera
Product-minin/a
CVE-2007-5540
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.76% / 72.32%
||
7 Day CHG~0.00%
Published-18 Oct, 2007 | 00:00
Updated-07 Aug, 2024 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2007-1737
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.13% / 32.74%
||
7 Day CHG~0.00%
Published-28 Mar, 2007 | 22:00
Updated-07 Aug, 2024 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opera 9.10 does not check URLs embedded in (1) object or (2) iframe HTML tags against the phishing site blacklist, which allows remote attackers to bypass phishing protection.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CVE-2005-0233
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-8.58% / 92.04%
||
7 Day CHG~0.00%
Published-07 Feb, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

Action-Not Available
Vendor-omnigroupn/aOperaMozilla Corporation
Product-firefoxopera_web_browsermozillaomniwebopera_browsercaminon/a
Details not found