CVE-2007-3142 - Authentication Server Domain Spoofing vulnerability in Opera Browser 9.21
- Attack vector: NETWORK
- Attack complexity: MEDIUM
- Privileges required: NONE
- Confidentiality impact: PARTIAL
- Integrity impact: PARTIAL
- Availability impact: NONE

Summary
Visual truncation vulnerability in Opera 9.21 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after 34 characters, as demonstrated by a phishing attack using HTTP Basic Authentication.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Nessus
- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200708-17.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200708-17 (Opera: Multiple vulnerabilities) An error known as
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 26040
- published: 2007-09-14
- reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/26040
- title: GLSA-200708-17 : Opera: Multiple vulnerabilities

- NASL family: Windows
- NASL id: OPERA_922.NASL
- description: The version of Opera installed on the remote host reportedly can be tricked into attempting to dereference an invalid object pointer when parsing a specially crafted BitTorrent header. This could cause the application to crash or even lead to execution of arbitrary code subject to the privileges of the current user. Successful exploitation requires that a user on the affected host click on a link to a BitTorrent file and then remove the entry from Opera
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 25755
- published: 2007-07-23
- reporter: This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/25755
- title: Opera < 9.22 Multiple Vulnerabilities
References
- http://osvdb.org/43463
- http://secunia.com/advisories/26545
- http://security.gentoo.org/glsa/glsa-200708-17.xml
- http://testing.bitsploit.de/test.html
- http://www.0x000000.com/?i=334
- http://www.novell.com/linux/security/advisories/2007_15_sr.html
- http://www.securityfocus.com/bid/24352
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34983