1. CVE-Search
  2. CVE-2009-3045
ID CVE-2009-3045
Summary Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted server certificate.
References
Vulnerable Configurations
  • cpe:2.3:a:opera:opera_browser:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:7.23:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:7.23:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:7.53:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:7.53:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:7.54:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:7.54:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:7.60:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:7.60:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:8.0:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:8.01:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:8.01:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:8.02:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:8.02:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:8.50:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:8.50:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:8.51:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:8.51:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:8.52:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:8.52:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:8.53:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:8.53:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:8.54:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:8.54:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.0:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.01:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.01:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.02:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.02:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.10:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.10:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.12:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.12:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.20:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.20:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.21:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.21:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.22:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.22:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.51:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.51:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.52:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.52:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:9.64:*:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:9.64:*:*:*:*:*:*:*
  • cpe:2.3:a:opera:opera_browser:*:beta_3:*:*:*:*:*:*
    cpe:2.3:a:opera:opera_browser:*:beta_3:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 30-10-2018 - 16:26)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
oval via4
accepted 2014-03-17T04:00:28.364-04:00
class vulnerability
contributors
  • name Chandan S
    organization SecPod Technologies
  • name Josh Turpin
    organization Symantec Corporation
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
comment Opera Browser is installed
oval oval:org.mitre.oval:def:6482
description Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted server certificate.
family windows
id oval:org.mitre.oval:def:6442
status accepted
submitted 2009-09-24T12:57:10
title Opera before 10.00 trusts root X.509 certificates signed with the MD2 algorithm
version 11
refmap via4
confirm
Last major update 30-10-2018 - 16:26
Published 02-09-2009 - 17:30
Last modified 30-10-2018 - 16:26
Back to Top