Vulnerability Name:

CVE-2004-2570 (CCN-16904)

Assigned:2004-08-05
Published:2004-08-05
Updated:2022-02-28
Summary:Opera before 7.54 allows remote attackers to modify properties and methods of the location object and execute Javascript to read arbitrary files from the client's local filesystem or display a false URL to the user.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-74
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Full-Disclosure Mailing List, Thu Aug 05 2004 - 06:16:52 CDT
Opera: Location, Location, Location

Source: FULLDISC
Type: Broken Link
20040805 Opera: Location, Location, Location

Source: MITRE
Type: CNA
CVE-2004-2570

Source: OSVDB
Type: Broken Link
8331

Source: CCN
Type: SA12233
Opera Browser "location" Object Write Access Vulnerability

Source: SECUNIA
Type: Broken Link, Patch, Vendor Advisory
12233

Source: CCN
Type: GLSA-200408-05
Opera: Multiple new vulnerabilities

Source: GENTOO
Type: Patch, Third Party Advisory
GLSA-200408-05

Source: MISC
Type: Broken Link, Exploit, Vendor Advisory
http://www.greymagic.com/security/advisories/gm008-op/

Source: CONFIRM
Type: Broken Link, Patch
http://www.opera.com/docs/changelogs/windows/754/

Source: CCN
Type: Opera Web site
Changelog for Opera 7.51 for Windows

Source: CCN
Type: OSVDB ID: 8331
Opera location Object Crafted URL Arbitrary Local File Access

Source: BID
Type: Broken Link, Patch, Third Party Advisory, VDB Entry
10873

Source: CCN
Type: BID-10873
Opera Remote Location Object Cross-Domain Scripting Vulnerability

Source: XF
Type: Third Party Advisory, VDB Entry
opera-location-method-overwrite(16904)

Source: XF
Type: UNKNOWN
opera-location-method-overwrite(16904)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:opera:opera_browser:*:*:*:*:*:*:*:* (Version < 7.54)

    • Configuration CCN 1:
  • cpe:/a:opera:opera_browser:7.53:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    opera opera browser *
    opera opera browser 7.53
    gentoo linux *