CVE-2004-2570

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2004-2570
Opera before 7.54 allows remote attackers to modify properties and methods of the location object and execute Javascript to read arbitrary files from the client's local filesystem or display a false URL to the user.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0131.html Broken Link
http://osvdb.org/8331 Broken Link
http://secunia.com/advisories/12233 Broken Link Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200408-05.xml Patch Third Party Advisory
http://www.greymagic.com/security/advisories/gm008-op/ Broken Link Exploit Vendor Advisory
http://www.opera.com/docs/changelogs/windows/754/ Broken Link Patch
http://www.securityfocus.com/bid/10873 Broken Link Patch Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/16904 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*
History

28 Feb 2022, 18:29

Type Values Removed Values Added
First Time Opera
Opera opera Browser
CPE cpe:2.3:a:opera_software:opera_web_browser:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:6.0.5:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.21:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.10:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.20:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.11:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.0_beta1:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.11j:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.50b1:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.50:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.23:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.52:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.22:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.20_beta1_build2981:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.0_beta2:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.11b:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.51:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.0:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:6.0.6:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.53:*:*:*:*:*:*:*
cpe:2.3:a:opera_software:opera_web_browser:7.0.2:*:*:*:*:*:*:*		 cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*
CWE NVD-CWE-Other CWE-74
References (MISC) http://www.greymagic.com/security/advisories/gm008-op/ - Exploit, Vendor Advisory (MISC) http://www.greymagic.com/security/advisories/gm008-op/ - Broken Link, Exploit, Vendor Advisory
References (FULLDISC) http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0131.html - (FULLDISC) http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0131.html - Broken Link
References (OSVDB) http://osvdb.org/8331 - (OSVDB) http://osvdb.org/8331 - Broken Link
References (BID) http://www.securityfocus.com/bid/10873 - Patch (BID) http://www.securityfocus.com/bid/10873 - Broken Link, Patch, Third Party Advisory, VDB Entry
References (CONFIRM) http://www.opera.com/docs/changelogs/windows/754/ - Patch (CONFIRM) http://www.opera.com/docs/changelogs/windows/754/ - Broken Link, Patch
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/16904 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/16904 - Third Party Advisory, VDB Entry
References (SECUNIA) http://secunia.com/advisories/12233 - Patch, Vendor Advisory (SECUNIA) http://secunia.com/advisories/12233 - Broken Link, Patch, Vendor Advisory
References (GENTOO) http://www.gentoo.org/security/en/glsa/glsa-200408-05.xml - Patch (GENTOO) http://www.gentoo.org/security/en/glsa/glsa-200408-05.xml - Patch, Third Party Advisory
Information

Published : 2004-12-31 05:00

Updated : 2023-12-10 10:28

NVD link : CVE-2004-2570

Mitre link : CVE-2004-2570

CVE.ORG link : CVE-2004-2570

JSON object : View

Products Affected

opera

  • opera_browser
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')