CVE-2008-4199

CVSS V2 Medium 5 CVSS V3 None
Description
Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation."
Overview
  • CVE ID
  • CVE-2008-4199
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2008-09-27T10:30:03
  • Last Modified Date
  • 2017-08-08T01:32:30
Weakness Enumerations
CWE URL
CWE-200 http://cwe.mitre.org/data/definitions/200.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:* 1 OR 9.51
cpe:2.3:a:opera:opera_browser:5.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:5.0:beta2:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:5.0:beta3:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:5.0:beta4:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:5.0:beta5:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:5.0:beta6:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:5.0:beta7:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:5.0:beta8:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:5.02:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:5.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:5.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:5.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:6.0:beta1:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:6.0:beta2:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:6.0:beta3:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:6.0:tp1:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:6.0:tp2:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:6.0:tp3:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:6.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:6.01:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:6.1:beta1:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:6.02:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:6.03:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:6.04:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:6.05:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:6.06:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:6.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:6.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:7.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:7.0:beta1:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:7.0:beta1_v2:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:7.0:beta2:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:7.01:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:7.02:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:7.03:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:7.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:7.10:beta1:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:7.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:7.11:beta2:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:7.20:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:7.20:beta7:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:7.21:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:7.22:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:7.23:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:7.50:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:7.50:beta1:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:7.51:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:7.52:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:7.53:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:7.54:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:7.54:update1:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:7.54:update2:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:7.60:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:8.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:8.0:beta1:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:8.0:beta2:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:8.0:beta3:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:8.01:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:8.02:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:8.50:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:8.51:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:8.52:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:8.53:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:8.54:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:9.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:9.0:beta1:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:9.0:beta2:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:9.01:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:9.02:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:9.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:9.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:9.20:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:9.20:beta1:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:9.21:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:9.22:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:9.23:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:9.24:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:9.25:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:9.26:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:9.27:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:9.50:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:9.50:beta1:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:9.50:beta2:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:P/I:N/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • NONE
  • Availability Impact
  • NONE
  • Base Score
  • 5
  • Severity
  • MEDIUM
  • Exploitability Score
  • 10
  • Impact Score
  • 2.9
References
Reference URL Reference Tags
http://bugs.gentoo.org/show_bug.cgi?id=235298
http://www.openwall.com/lists/oss-security/2008/09/19/2
http://www.opera.com/docs/changelogs/freebsd/952/
http://www.opera.com/docs/changelogs/solaris/952/
http://www.openwall.com/lists/oss-security/2008/09/24/4
http://www.opera.com/support/search/view/896/
http://www.opera.com/docs/changelogs/mac/952/
http://www.opera.com/docs/changelogs/windows/952/
http://www.opera.com/docs/changelogs/linux/952/
http://security.gentoo.org/glsa/glsa-200811-01.xml
http://secunia.com/advisories/32538 Vendor Advisory
http://secunia.com/advisories/31549 Vendor Advisory
http://securitytracker.com/id?1020722
http://www.securityfocus.com/bid/30768
http://www.vupen.com/english/advisories/2008/2416 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/44557
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2008-4199
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4199
History
Created Old Value New Value Data Type Notes
2022-05-10 09:06:01 Added to TrackCVE