Vulnerability Details : CVE-2008-4200
Opera before 9.52 does not ensure that the address field of a news feed represents the feed's actual URL, which allows remote attackers to change this field to display the URL of a page containing web script controlled by the attacker.
Vulnerability category: Input validation
Exploit prediction scoring system (EPSS) score for CVE-2008-4200
Probability of exploitation activity in the next 30 days: 0.55%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 74 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-4200
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
6.4
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:P |
10.0
|
4.9
|
NIST |
CWE ids for CVE-2008-4200
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-4200
- http://www.securityfocus.com/bid/30768
-
http://www.opera.com/docs/changelogs/windows/952/
How can we help you? - Opera HelpPatch
-
http://www.opera.com/support/search/view/897/
Patch
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/44559
-
http://security.gentoo.org/glsa/glsa-200811-01.xml
Opera: Multiple vulnerabilities (GLSA 200811-01) — Gentoo security
-
http://bugs.gentoo.org/show_bug.cgi?id=235298
235298 – www-client/opera < 9.52 Multiple vulnerabilities (CVE-2008-{4195,4196,4197,4198,4199,4200,4292})
- http://www.opera.com/docs/changelogs/mac/952/
-
http://www.opera.com/docs/changelogs/freebsd/952/
How can we help you? - Opera HelpPatch
-
http://www.opera.com/docs/changelogs/solaris/952/
How can we help you? - Opera HelpPatch
-
http://www.vupen.com/english/advisories/2008/2416
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
-
http://www.securitytracker.com/id?1020723
-
http://www.opera.com/docs/changelogs/linux/952/
How can we help you? - Opera HelpPatch
-
http://www.openwall.com/lists/oss-security/2008/09/19/2
oss-security - CVE request: Opera < 9.52 multiple vulnerabilities
-
http://www.openwall.com/lists/oss-security/2008/09/24/4
oss-security - Re: CVE request: Opera < 9.52 multiple vulnerabilities
Products affected by CVE-2008-4200
- cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:8.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:8.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:7.20:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:7.21:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:7.22:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:7.20:beta7:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:7.0:beta1_v2:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:7.11:beta2:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:6.05:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:6.06:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:6.01:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:6.12:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:6.11:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:5.0:beta7:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:5.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:7.54:update1:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:7.52:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:7.53:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:7.10:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:7.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:7.01:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:6.0:tp3:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:6.0:tp2:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:6.02:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:6.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:5.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:5.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:5.12:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:5.02:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:7.54:update2:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:7.50:beta1:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:7.03:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:7.23:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:7.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:7.10:beta1:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:6.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:6.03:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:5.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:5.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:5.11:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:5.10:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:8.01:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:8.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:7.51:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:7.50:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:7.54:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:7.11:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:7.02:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:7.60:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:6.0:tp1:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:6.04:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:6.1:beta1:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:5.0:beta8:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:8.50:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:8.02:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:8.52:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:8.51:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:9.01:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:9.50:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:9.50:beta1:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:9.27:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:9.50:beta2:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:9.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:9.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:9.20:beta1:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:9.21:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:9.26:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:8.53:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:8.54:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:9.12:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:9.20:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:9.22:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:9.23:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:9.02:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:9.10:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:9.24:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:9.25:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:6.0:beta3:*:*:*:*:*:*