CVE-2009-3046

7.5HIGH

Key Information:

Vendor: Opera
Status: Opera Browser
Vendor: CVE Published:; 2 September 2009

Summary

Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked certificate.

References

http://www.opera.com/docs/changelogs/freebsd/1000/

x_refsource_CONFIRM

http://www.opera.com/support/kb/view/929/

x_refsource_CONFIRM

http://www.opera.com/docs/changelogs/solaris/1000/

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 2, 2009
Vulnerability Reserved
Sep 2, 2009