Vulnerability Details : CVE-2014-0815
The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction error, as demonstrated by reading stored cookies.
Products affected by CVE-2014-0815
- cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:1.00:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:10.10:beta1:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:10.50:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:10.50:beta1:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:10.01:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:10.10:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:10.53:b:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:10.00:beta2:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:10.00:beta3:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:10.52:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:10.53:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:10.00:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:10.00:beta1:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:10.50:beta2:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:10.51:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:10.00:alpha:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:10.52:beta1:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:10.52:beta2:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:10.11:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:10.54:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:10.60:alpha:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:10.20:alpha:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:10.60:beta1:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:10.61:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:10.60:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:10.63:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:10.62:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:11.00:beta:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:11.00:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:11.11:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:11.10:beta:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:11.10:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:11.01:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:11.50:beta:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:11.50:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:11.52:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:11.51:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:11.60:beta:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:10.53:beta1:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:11.60:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:11.61:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:11.62:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:11.64:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:11.65:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:12.00:beta:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:11.52.1100:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:12.00:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:12.01:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:11.66:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:12.02:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:12.10:beta:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:12.10:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:12.11:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:11.67:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:12.13:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:12.12:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:12.14:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:15.00:next:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:16.00:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:15.00:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:12.15:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-0815
0.38%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 56 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-0815
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2014-0815
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0815
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/91090
Opera for Android intent information disclosure CVE-2014-0815 Vulnerability Report
-
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000014
JVNDB-2014-000014 - JVN iPedia - 脆弱性対策情報データベース
-
http://www.securityfocus.com/bid/65391
Opera Web Browser for Android Intent Scheme URL's Handling Information Disclosure Vulnerability
-
http://blogs.opera.com/security/2014/01/security-changes-features-opera-19/
Security changes and features of Opera 19 - Blog | Opera SecurityVendor Advisory
-
http://jvn.jp/en/jp/JVN23256725/index.html
JVN#23256725: Opera browser for Android issue in handling intent scheme URL's
Jump to