Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-1563 — Sensitive Information Exposure in Browser

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

10.4%

top 6.76%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Opera Browser

Timeline

PublishedMar 21

Latest updateMay 1

Description

The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDopera/opera_browser9.10

🔴Vulnerability Details

GHSA

GHSA-p9qf-vm7w-6rj9: The FTP protocol implementation in Opera 9↗2022-05-01

▶

CVEList

CVE-2007-1563: The FTP protocol implementation in Opera 9↗2007-03-21

▶

💥Exploits & PoCs

Exploit-DB

Opera 9.x - FTP PASV Port-Scanning↗2007-03-21

▶