SSL Certificate Validation Bypass in Opera Browser by Opera Software
CVE-2009-3046

7.5HIGH

Key Information:

Vendor
Opera
Status
Opera Browser
Vendor
CVE Published:
2 September 2009

Summary

Opera versions prior to 10.00 contain a vulnerability that fails to adequately verify the revocation status of certain intermediate X.509 certificates. This oversight can potentially allow remote SSL servers to circumvent the validation process, thus enabling the use of revoked certificates, which poses significant security risks when establishing secure connections.

References

http://www.opera.com/docs/changelogs/freebsd/1000/
x_refsource_CONFIRM
http://www.opera.com/support/kb/view/929/
x_refsource_CONFIRM
http://www.opera.com/docs/changelogs/solaris/1000/
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.