Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-1639

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2013-1639
Last Modified 07 Mar 2013 11:12:04
Published 08 Feb 2013 06:58:22
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-1639

Summary

Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request.

Vulnerable Systems

Application

  • Opera Browser 12.00

  • Opera Browser 12.01

  • Opera Browser 12.02

  • Opera Browser 12.10

  • Opera Browser 12.11

  • Opera Browser 12.12


References

CONFIRM - http://www.opera.com/support/kb/view/1045/

CONFIRM - http://www.opera.com/docs/changelogs/unified/1213/

SUSE - openSUSE-SU-2013:0289


Last Updated: 27 May 2016 10:51:50