Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file."
References
Link | Resource |
---|---|
http://www.opera.com/docs/changelogs/freebsd/1000/ | Vendor Advisory |
http://www.opera.com/docs/changelogs/linux/1000/ | Vendor Advisory |
http://www.opera.com/docs/changelogs/solaris/1000/ | Vendor Advisory |
http://www.opera.com/support/kb/view/931/ | Vendor Advisory |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5679 | |
http://www.opera.com/docs/changelogs/freebsd/1000/ | Vendor Advisory |
http://www.opera.com/docs/changelogs/linux/1000/ | Vendor Advisory |
http://www.opera.com/docs/changelogs/solaris/1000/ | Vendor Advisory |
http://www.opera.com/support/kb/view/931/ | Vendor Advisory |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5679 |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 01:06
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.opera.com/docs/changelogs/freebsd/1000/ - Vendor Advisory | |
References | () http://www.opera.com/docs/changelogs/linux/1000/ - Vendor Advisory | |
References | () http://www.opera.com/docs/changelogs/solaris/1000/ - Vendor Advisory | |
References | () http://www.opera.com/support/kb/view/931/ - Vendor Advisory | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5679 - |
Information
Published : 2009-09-02 17:30
Updated : 2024-11-21 01:06
NVD link : CVE-2009-3048
Mitre link : CVE-2009-3048
CVE.ORG link : CVE-2009-3048
JSON object : View
Products Affected
freebsd
- freebsd
sun
- solaris
conectiva
- linux
opera
- opera_browser
CWE
CWE-20
Improper Input Validation