CVE-2009-3046
Published 2009-09-02
CVSS 3.1: 7.5 (High)
EPSS: 1.11% (61.7th percentile)
Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked certificate.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opera | opera_browser | < 10.00 | 10.00 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| NVD | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
CWE-296: Improper Following of a Certificate's Chain of Trust (source: MITRE CWE)
The product does not follow, or incorrectly follows, the chain of trust for a certificate back to a trusted root certificate, resulting in incorrect trust of any resource that is associated with that certificate.
If a system does not follow the chain of trust of a certificate to a root server, the certificate loses all usefulness as a metric of trust. Essentially, the trust gained from a certificate is derived from a chain of trust -- with a reputable trusted entity at the end of that list. The end user must trust that reputable source, and this reputable source must vouch for the resource in question through the medium of the certificate. In some cases, this trust traverses several entities who vouch for one another. The enti
CWE-299: Improper Check for Certificate Revocation (source: MITRE CWE)
The product does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised.
An improper check for certificate revocation is a far more serious flaw than related certificate failures. This is because the use of any revoked certificate is almost certainly malicious. The most common reason for certificate revocation is compromise of the system in question, with the result that no legitimate servers will be using a revoked certificate, unless they are sorely out of sync.
Modes of Introduction:
Phase: Implementation
Note: When the product uses certificate pinning, the developer might not properly validate all relevant components of the certificate before pinning the certificate.
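The distinction the description draws (checking revocation only for the end-entity certificate versus for every certificate below the trust anchor) is easiest to see in code. The following is an added example written for this page, not Opera's code and not part of MITRE's CWE text: it builds a constructed test PKI with Go's standard crypto/x509 package, revokes the intermediate in the root's CRL, and then runs both policies over the verified chain. The names ("Test Root", "Test Intermediate", "example.test"), the serial numbers, and the in-memory CRL map that stands in for CRL distribution points or OCSP are all assumptions; x509.Verify performs path building (CWE-296) only, so the revocation walk (CWE-299) is written by hand.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type PKI struct { // constructed test chain plus one CRL per issuing CA, keyed by the issuer's DER subject
	Leaf          *x509.Certificate
	Roots, Inters *x509.CertPool
	CRLs          map[string]*x509.RevocationList
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// BuildPKI issues root -> intermediate -> leaf and a CRL per CA; with revokeIntermediate the root's CRL lists the intermediate.
func BuildPKI(revokeIntermediate bool) *PKI {
	now := time.Now()
	tmpl := func(serial int64, cn string, ca bool) *x509.Certificate {
		c := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, IsCA: ca,
			NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour), BasicConstraintsValid: true}
		if ca {
			c.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
		} else {
			c.KeyUsage, c.DNSNames = x509.KeyUsageDigitalSignature, []string{"example.test"} // assumed hostname
			c.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		}
		return c
	}
	issue := func(t, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
		key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) // fresh P-256 key for this subject
		if signer == nil { // self-signed root
			signer, parent = key, t
		}
		der := must(x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, signer))
		return must(x509.ParseCertificate(der)), key
	}
	root, rootKey := issue(tmpl(1, "Test Root", true), nil, nil)
	inter, interKey := issue(tmpl(2, "Test Intermediate", true), root, rootKey)
	leaf, _ := issue(tmpl(3, "example.test", false), inter, interKey)
	crl := func(issuer *x509.Certificate, key *ecdsa.PrivateKey, revoked []pkix.RevokedCertificate) *x509.RevocationList {
		der := must(x509.CreateRevocationList(rand.Reader, &x509.RevocationList{Number: big.NewInt(1),
			ThisUpdate: now.Add(-time.Hour), NextUpdate: now.Add(24 * time.Hour), RevokedCertificates: revoked}, issuer, key))
		return must(x509.ParseRevocationList(der))
	}
	rootCRL := crl(root, rootKey, nil)
	if revokeIntermediate {
		rootCRL = crl(root, rootKey, []pkix.RevokedCertificate{{SerialNumber: inter.SerialNumber, RevocationTime: now.Add(-time.Minute)}})
	}
	p := &PKI{Leaf: leaf, Roots: x509.NewCertPool(), Inters: x509.NewCertPool(), CRLs: map[string]*x509.RevocationList{
		string(root.RawSubject): rootCRL, string(inter.RawSubject): crl(inter, interKey, nil)}} // the leaf is never revoked
	p.Roots.AddCert(root)
	p.Inters.AddCert(inter)
	return p
}

// VerifyWithRevocation builds the path with x509.Verify (which does no revocation checking of its own) and then walks it.
// checkIntermediates=false reproduces the CVE-2009-3046 behaviour: only the leaf is looked up, so a revoked intermediate
// passes. The correct walk covers every certificate below the trust anchor and fails closed on a missing or stale CRL.
func VerifyWithRevocation(p *PKI, checkIntermediates bool) error {
	chains, err := p.Leaf.Verify(x509.VerifyOptions{Roots: p.Roots, Intermediates: p.Inters, DNSName: "example.test"})
	if err != nil {
		return fmt.Errorf("path building: %w", err)
	}
	chain, n := chains[0], 1 // chain is [leaf, intermediate, root]; the flawed policy checks index 0 only
	if checkIntermediates {
		n = len(chain) - 1 // every certificate that has an issuer in the chain
	}
	for i := 0; i < n; i++ {
		cert, issuer := chain[i], chain[i+1]
		crl := p.CRLs[string(issuer.RawSubject)]
		if crl == nil || time.Now().After(crl.NextUpdate) {
			return fmt.Errorf("no fresh CRL for issuer %q: fail closed", issuer.Subject.CommonName)
		}
		if err := crl.CheckSignatureFrom(issuer); err != nil { // an unsigned or mis-signed CRL proves nothing
			return fmt.Errorf("CRL from %q: %w", issuer.Subject.CommonName, err)
		}
		for _, rc := range crl.RevokedCertificates {
			if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
				return fmt.Errorf("%q (serial %d) is revoked by %q", cert.Subject.CommonName, cert.SerialNumber, issuer.Subject.CommonName)
			}
		}
	}
	return nil
}

func main() { fmt.Println(VerifyWithRevocation(BuildPKI(true), false), "|", VerifyWithRevocation(BuildPKI(true), true)) }
```

Run with `go run .`: the leaf-only policy prints `<nil>` (the chain is accepted although its intermediate is revoked), the full-chain policy returns the revocation error. Two details matter in practice beyond the loop bound: the CRL's signature is verified against the issuer before it is trusted, and a missing or expired CRL is treated as a failure rather than silently skipped, since a soft-fail policy lets an attacker who can block the CRL fetch re-create the same outcome.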
CWE-295: Improper Certificate Validation (source: MITRE CWE)
The product does not validate, or incorrectly validates, a certificate.
Background: A certificate is a token that associates an identity (principal) to a cryptographic key. Certificates can be used to check if a public key belongs to the assumed owner.
Modes of Introduction:
Phase: Architecture and Design
Phase: Implementation
Note: REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Phase: Implementation
Note: When the product uses certificate pinning, the developer might not properly validate all relevant components of the certificate before pinning the certificate. This can make it difficult or expensive to test after the pinning is complete.
Common Consequences:
Scope: Integrity, Authentication. Im
References
- http://www.opera.com/docs/changelogs/freebsd/1000/
- http://www.opera.com/docs/changelogs/linux/1000/
- http://www.opera.com/docs/changelogs/mac/1000/
- http://www.opera.com/docs/changelogs/solaris/1000/
- http://www.opera.com/docs/changelogs/windows/1000/
- http://www.opera.com/support/kb/view/929/
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6357