CVE-2009-3044Browser vulnerability

CWE-3103 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.3%
top 44.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Opera Browser
Timeline
PublishedSep 2
Latest updateMay 2

Description

Opera before 10.00 does not properly handle a (1) '\0' character or (2) invalid wildcard character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDopera/opera_browser10.00+71

🔴Vulnerability Details

2
GHSA
GHSA-63x4-39mf-5c4v: Opera before 102022-05-02
CVEList
CVE-2009-3044: Opera before 102009-09-02
CVE-2009-3044 — Opera Browser vulnerability | cvebase