Vulnerability Name:

CVE-2006-3331 (CCN-27449)

Assigned: 2006-06-28
Published: 2006-06-28
Updated: 2022-02-28
Summary: Opera before 9.0 does not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote attackers to spoof a trusted SSL certificate from an untrusted website and facilitates phishing attacks.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Other
References: Source: MITRE
Type: CNA
CVE-2006-3331

Source: CCN
Type: SA19480
Opera SSL Certificate "Stealing" Weakness

Source: SECUNIA
Type: Broken Link, Patch
19480

Source: SECUNIA
Type: Broken Link
20897

Source: MISC
Type: Broken Link
http://secunia.com/secunia_research/2006-49/advisory/

Source: SREASON
Type: Broken Link
1177

Source: CCN
Type: SECTRACK ID: 1016406
Opera May Display the SSL Certificate of a Trusted Site While Visiting an Untrusted Site

Source: SECTRACK
Type: Broken Link, Third Party Advisory, VDB Entry
1016406

Source: SUSE
Type: Broken Link
SUSE-SA:2006:038

Source: CCN
Type: Opera Web site
Download Opera Web Browser

Source: CCN
Type: OSVDB ID: 26960
Opera SSL Security Bar Trusted Certificate Spoofing

Source: BUGTRAQ
Type: Broken Link, Third Party Advisory, VDB Entry
20060628 Secunia Research: Opera SSL Certificate "Stealing" Weakness

Source: BID
Type: Broken Link, Third Party Advisory, VDB Entry
18692

Source: CCN
Type: BID-18692
Opera SSL Certificate Spoofing Weakness

Source: VUPEN
Type: Broken Link
ADV-2006-2571

Source: XF
Type: Third Party Advisory, VDB Entry
opera-ssl-certificate-hijacking(27449)

Source: XF
Type: UNKNOWN
opera-ssl-certificate-hijacking(27449)

Source: SUSE
Type: SUSE-SA:2006:038
Opera 9.0 security update

Vulnerable Configuration: Configuration 1:
  • cpe:/a:opera:opera_browser:*:*:*:*:*:*:*:* (Version < 9.0)

Configuration CCN 1:
  • cpe:/a:opera:opera_browser:8.54:*:*:*:*:*:*:*
  • AND
  • cpe:/o:freebsd:freebsd:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    opera opera browser *
    opera opera browser 8.54
    freebsd freebsd *
    suse suse linux 9.0
    suse suse linux 9.2
    suse suse linux 10.0
    suse suse linux 10.1
    suse suse linux 9.3