製品・ソフトウェアに関する情報

JVN脆弱性詳細

Opera におけるローカルファイル名の有効性を判別される脆弱性

Title	Opera におけるローカルファイル名の有効性を判別される脆弱性
Summary	Opera には、Web ページからローカルディスク上のフィードソースファイルへのリンクの使用を制限しないため、ローカルファイル名の有効性を判別される脆弱性が存在します。
Possible impacts	第三者により、ローカルファイル名の有効性を判別される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Sept. 27, 2008, midnight
Registration Date	Sept. 27, 2010, 4:04 p.m.
Last Update	Sept. 27, 2010, 4:04 p.m.

CVSS2.0 : 警告
Score	5
Vector	AV:N/AC:L/Au:N/C:P/I:N/A:N

Affected System

Opera Software ASA

Opera 9.52 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2008-4199	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4199
National Vulnerability Database (NVD)
2	CVE-2008-4199	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4199

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-200	https://jvndb.jvn.jp/ja/cwe/CWE-200.html

ベンダー情報

No	Name	URL
Opera knowledge base
1	896	http://www.opera.com/support/kb/view/896
2	mac/952	http://www.opera.com/docs/changelogs/mac/952
3	unix/952	http://www.opera.com/docs/changelogs/unix/952
4	windows/952	http://www.opera.com/docs/changelogs/windows/952

その他

No	Name	URL
ISS X-Force Database
1	44557	http://xforce.iss.net/xforce/xfdb/44557
Secunia Advisory
2	SA31549	http://secunia.com/advisories/31549
SecurityFocus
3	30768	http://www.securityfocus.com/bid/30768
SecurityTracker
4	1020722	http://www.securitytracker.com/id?1020722
VUPEN Security
5	VUPEN/ADV-2008-2416	http://www.vupen.com/english/advisories/2008/2416

Change Log

No	Changed Details	Date of change
0	[2010年09月27日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2008-4199

Summary	Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation."
Publication Date	Sept. 27, 2008, 7:30 p.m.
Registration Date	Jan. 29, 2021, 1:42 p.m.
Last Update	Aug. 8, 2017, 10:32 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:opera:opera_browser:5.0:::::::*
cpe:2.3:a:opera:opera_browser:5.0:beta2::::::
cpe:2.3:a:opera:opera_browser:5.0:beta3::::::
cpe:2.3:a:opera:opera_browser:5.0:beta4::::::
cpe:2.3:a:opera:opera_browser:5.0:beta5::::::
cpe:2.3:a:opera:opera_browser:5.0:beta6::::::
cpe:2.3:a:opera:opera_browser:5.0:beta7::::::
cpe:2.3:a:opera:opera_browser:5.0:beta8::::::
cpe:2.3:a:opera:opera_browser:5.02:::::::*
cpe:2.3:a:opera:opera_browser:5.10:::::::*
cpe:2.3:a:opera:opera_browser:5.11:::::::*
cpe:2.3:a:opera:opera_browser:5.12:::::::*
cpe:2.3:a:opera:opera_browser:6.0:::::::*
cpe:2.3:a:opera:opera_browser:6.0:beta1::::::
cpe:2.3:a:opera:opera_browser:6.0:beta2::::::
cpe:2.3:a:opera:opera_browser:6.0:beta3::::::
cpe:2.3:a:opera:opera_browser:6.0:tp1::::::
cpe:2.3:a:opera:opera_browser:6.0:tp2::::::
cpe:2.3:a:opera:opera_browser:6.0:tp3::::::
cpe:2.3:a:opera:opera_browser:6.01:::::::*
cpe:2.3:a:opera:opera_browser:6.1:::::::*
cpe:2.3:a:opera:opera_browser:6.1:beta1::::::
cpe:2.3:a:opera:opera_browser:6.02:::::::*
cpe:2.3:a:opera:opera_browser:6.03:::::::*
cpe:2.3:a:opera:opera_browser:6.04:::::::*
cpe:2.3:a:opera:opera_browser:6.05:::::::*
cpe:2.3:a:opera:opera_browser:6.06:::::::*
cpe:2.3:a:opera:opera_browser:6.11:::::::*
cpe:2.3:a:opera:opera_browser:6.12:::::::*
cpe:2.3:a:opera:opera_browser:7.0:::::::*
cpe:2.3:a:opera:opera_browser:7.0:beta1::::::
cpe:2.3:a:opera:opera_browser:7.0:beta1_v2::::::
cpe:2.3:a:opera:opera_browser:7.0:beta2::::::
cpe:2.3:a:opera:opera_browser:7.01:::::::*
cpe:2.3:a:opera:opera_browser:7.02:::::::*
cpe:2.3:a:opera:opera_browser:7.03:::::::*
cpe:2.3:a:opera:opera_browser:7.10:::::::*
cpe:2.3:a:opera:opera_browser:7.10:beta1::::::
cpe:2.3:a:opera:opera_browser:7.11:::::::*
cpe:2.3:a:opera:opera_browser:7.11:beta2::::::
cpe:2.3:a:opera:opera_browser:7.20:::::::*
cpe:2.3:a:opera:opera_browser:7.20:beta7::::::
cpe:2.3:a:opera:opera_browser:7.21:::::::*
cpe:2.3:a:opera:opera_browser:7.22:::::::*
cpe:2.3:a:opera:opera_browser:7.23:::::::*
cpe:2.3:a:opera:opera_browser:7.50:::::::*
cpe:2.3:a:opera:opera_browser:7.50:beta1::::::
cpe:2.3:a:opera:opera_browser:7.51:::::::*
cpe:2.3:a:opera:opera_browser:7.52:::::::*
cpe:2.3:a:opera:opera_browser:7.53:::::::*
cpe:2.3:a:opera:opera_browser:7.54:::::::*
cpe:2.3:a:opera:opera_browser:7.54:update1::::::
cpe:2.3:a:opera:opera_browser:7.54:update2::::::
cpe:2.3:a:opera:opera_browser:7.60:::::::*
cpe:2.3:a:opera:opera_browser:8.0:::::::*
cpe:2.3:a:opera:opera_browser:8.0:beta1::::::
cpe:2.3:a:opera:opera_browser:8.0:beta2::::::
cpe:2.3:a:opera:opera_browser:8.0:beta3::::::
cpe:2.3:a:opera:opera_browser:8.01:::::::*
cpe:2.3:a:opera:opera_browser:8.02:::::::*
cpe:2.3:a:opera:opera_browser:8.50:::::::*
cpe:2.3:a:opera:opera_browser:8.51:::::::*
cpe:2.3:a:opera:opera_browser:8.52:::::::*
cpe:2.3:a:opera:opera_browser:8.53:::::::*
cpe:2.3:a:opera:opera_browser:8.54:::::::*
cpe:2.3:a:opera:opera_browser:9.0:::::::*
cpe:2.3:a:opera:opera_browser:9.0:beta1::::::
cpe:2.3:a:opera:opera_browser:9.0:beta2::::::
cpe:2.3:a:opera:opera_browser:9.01:::::::*
cpe:2.3:a:opera:opera_browser:9.02:::::::*
cpe:2.3:a:opera:opera_browser:9.10:::::::*
cpe:2.3:a:opera:opera_browser:9.12:::::::*
cpe:2.3:a:opera:opera_browser:9.20:::::::*
cpe:2.3:a:opera:opera_browser:9.20:beta1::::::
cpe:2.3:a:opera:opera_browser:9.21:::::::*
cpe:2.3:a:opera:opera_browser:9.22:::::::*
cpe:2.3:a:opera:opera_browser:9.23:::::::*
cpe:2.3:a:opera:opera_browser:9.24:::::::*
cpe:2.3:a:opera:opera_browser:9.25:::::::*
cpe:2.3:a:opera:opera_browser:9.26:::::::*
cpe:2.3:a:opera:opera_browser:9.27:::::::*
cpe:2.3:a:opera:opera_browser:9.50:::::::*
cpe:2.3:a:opera:opera_browser:9.50:beta1::::::
cpe:2.3:a:opera:opera_browser:9.50:beta2::::::
cpe:2.3:a:opera:opera_browser::::::::		9.51

Related information, measures and tools

No	URL	refsource	タグ
1	http://bugs.gentoo.org/show_bug.cgi?id=235298	CONFIRM
2	http://secunia.com/advisories/31549	SECUNIA	Vendor Advisory
3	http://secunia.com/advisories/32538	SECUNIA	Vendor Advisory
4	http://security.gentoo.org/glsa/glsa-200811-01.xml	GENTOO
5	http://securitytracker.com/id?1020722	SECTRACK
6	http://www.openwall.com/lists/oss-security/2008/09/19/2	MLIST
7	http://www.openwall.com/lists/oss-security/2008/09/24/4	MLIST
8	http://www.opera.com/docs/changelogs/freebsd/952/	CONFIRM
9	http://www.opera.com/docs/changelogs/linux/952/	CONFIRM
10	http://www.opera.com/docs/changelogs/mac/952/	CONFIRM
11	http://www.opera.com/docs/changelogs/solaris/952/	CONFIRM
12	http://www.opera.com/docs/changelogs/windows/952/	CONFIRM
13	http://www.opera.com/support/search/view/896/	CONFIRM
14	http://www.securityfocus.com/bid/30768	BID
15	http://www.vupen.com/english/advisories/2008/2416	VUPEN	Vendor Advisory
16	https://exchange.xforce.ibmcloud.com/vulnerabilities/44557	XF

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:opera:opera_browser:5.0:::::::*
cpe:2.3:a:opera:opera_browser:5.0:beta2::::::
cpe:2.3:a:opera:opera_browser:5.0:beta3::::::
cpe:2.3:a:opera:opera_browser:5.0:beta4::::::
cpe:2.3:a:opera:opera_browser:5.0:beta5::::::
cpe:2.3:a:opera:opera_browser:5.0:beta6::::::
cpe:2.3:a:opera:opera_browser:5.0:beta7::::::
cpe:2.3:a:opera:opera_browser:5.0:beta8::::::
cpe:2.3:a:opera:opera_browser:5.02:::::::*
cpe:2.3:a:opera:opera_browser:5.10:::::::*
cpe:2.3:a:opera:opera_browser:5.11:::::::*
cpe:2.3:a:opera:opera_browser:5.12:::::::*
cpe:2.3:a:opera:opera_browser:6.0:::::::*
cpe:2.3:a:opera:opera_browser:6.0:beta1::::::
cpe:2.3:a:opera:opera_browser:6.0:beta2::::::
cpe:2.3:a:opera:opera_browser:6.0:beta3::::::
cpe:2.3:a:opera:opera_browser:6.0:tp1::::::
cpe:2.3:a:opera:opera_browser:6.0:tp2::::::
cpe:2.3:a:opera:opera_browser:6.0:tp3::::::
cpe:2.3:a:opera:opera_browser:6.01:::::::*
cpe:2.3:a:opera:opera_browser:6.1:::::::*
cpe:2.3:a:opera:opera_browser:6.1:beta1::::::
cpe:2.3:a:opera:opera_browser:6.02:::::::*
cpe:2.3:a:opera:opera_browser:6.03:::::::*
cpe:2.3:a:opera:opera_browser:6.04:::::::*
cpe:2.3:a:opera:opera_browser:6.05:::::::*
cpe:2.3:a:opera:opera_browser:6.06:::::::*
cpe:2.3:a:opera:opera_browser:6.11:::::::*
cpe:2.3:a:opera:opera_browser:6.12:::::::*
cpe:2.3:a:opera:opera_browser:7.0:::::::*
cpe:2.3:a:opera:opera_browser:7.0:beta1::::::
cpe:2.3:a:opera:opera_browser:7.0:beta1_v2::::::
cpe:2.3:a:opera:opera_browser:7.0:beta2::::::
cpe:2.3:a:opera:opera_browser:7.01:::::::*
cpe:2.3:a:opera:opera_browser:7.02:::::::*
cpe:2.3:a:opera:opera_browser:7.03:::::::*
cpe:2.3:a:opera:opera_browser:7.10:::::::*
cpe:2.3:a:opera:opera_browser:7.10:beta1::::::
cpe:2.3:a:opera:opera_browser:7.11:::::::*
cpe:2.3:a:opera:opera_browser:7.11:beta2::::::
cpe:2.3:a:opera:opera_browser:7.20:::::::*
cpe:2.3:a:opera:opera_browser:7.20:beta7::::::
cpe:2.3:a:opera:opera_browser:7.21:::::::*
cpe:2.3:a:opera:opera_browser:7.22:::::::*
cpe:2.3:a:opera:opera_browser:7.23:::::::*
cpe:2.3:a:opera:opera_browser:7.50:::::::*
cpe:2.3:a:opera:opera_browser:7.50:beta1::::::
cpe:2.3:a:opera:opera_browser:7.51:::::::*
cpe:2.3:a:opera:opera_browser:7.52:::::::*
cpe:2.3:a:opera:opera_browser:7.53:::::::*
cpe:2.3:a:opera:opera_browser:7.54:::::::*
cpe:2.3:a:opera:opera_browser:7.54:update1::::::
cpe:2.3:a:opera:opera_browser:7.54:update2::::::
cpe:2.3:a:opera:opera_browser:7.60:::::::*
cpe:2.3:a:opera:opera_browser:8.0:::::::*
cpe:2.3:a:opera:opera_browser:8.0:beta1::::::
cpe:2.3:a:opera:opera_browser:8.0:beta2::::::
cpe:2.3:a:opera:opera_browser:8.0:beta3::::::
cpe:2.3:a:opera:opera_browser:8.01:::::::*
cpe:2.3:a:opera:opera_browser:8.02:::::::*
cpe:2.3:a:opera:opera_browser:8.50:::::::*
cpe:2.3:a:opera:opera_browser:8.51:::::::*
cpe:2.3:a:opera:opera_browser:8.52:::::::*
cpe:2.3:a:opera:opera_browser:8.53:::::::*
cpe:2.3:a:opera:opera_browser:8.54:::::::*
cpe:2.3:a:opera:opera_browser:9.0:::::::*
cpe:2.3:a:opera:opera_browser:9.0:beta1::::::
cpe:2.3:a:opera:opera_browser:9.0:beta2::::::
cpe:2.3:a:opera:opera_browser:9.01:::::::*
cpe:2.3:a:opera:opera_browser:9.02:::::::*
cpe:2.3:a:opera:opera_browser:9.10:::::::*
cpe:2.3:a:opera:opera_browser:9.12:::::::*
cpe:2.3:a:opera:opera_browser:9.20:::::::*
cpe:2.3:a:opera:opera_browser:9.20:beta1::::::
cpe:2.3:a:opera:opera_browser:9.21:::::::*
cpe:2.3:a:opera:opera_browser:9.22:::::::*
cpe:2.3:a:opera:opera_browser:9.23:::::::*
cpe:2.3:a:opera:opera_browser:9.24:::::::*
cpe:2.3:a:opera:opera_browser:9.25:::::::*
cpe:2.3:a:opera:opera_browser:9.26:::::::*
cpe:2.3:a:opera:opera_browser:9.27:::::::*
cpe:2.3:a:opera:opera_browser:9.50:::::::*
cpe:2.3:a:opera:opera_browser:9.50:beta1::::::
cpe:2.3:a:opera:opera_browser:9.50:beta2::::::
cpe:2.3:a:opera:opera_browser::::::::		9.51