CVE-2014-0815

CVSS V2 Medium 4.3 CVSS V3 None
Description
The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction error, as demonstrated by reading stored cookies.
Overview
  • CVE ID
  • CVE-2014-0815
  • Assigner
  • vultures@jpcert.or.jp
  • Vulnerability Status
  • Modified
  • Published Version
  • 2014-02-06T22:55:03
  • Last Modified Date
  • 2017-08-29T01:34:15
Weakness Enumerations
CWE URL
CWE-200 http://cwe.mitre.org/data/definitions/200.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:* 1 OR 17.00
cpe:2.3:a:opera:opera_browser:1.00:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:10.00:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:10.00:alpha:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:10.00:beta1:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:10.00:beta2:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:10.00:beta3:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:10.01:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:10.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:10.10:beta1:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:10.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:10.20:alpha:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:10.50:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:10.50:beta1:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:10.50:beta2:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:10.51:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:10.52:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:10.52:beta1:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:10.52:beta2:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:10.53:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:10.53:b:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:10.53:beta1:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:10.54:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:10.60:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:10.60:alpha:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:10.60:beta1:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:10.61:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:10.62:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:10.63:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:11.00:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:11.00:beta:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:11.01:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:11.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:11.10:beta:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:11.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:11.50:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:11.50:beta:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:11.51:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:11.52:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:11.52.1100:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:11.60:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:11.60:beta:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:11.61:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:11.62:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:11.64:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:11.65:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:11.66:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:11.67:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:12.00:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:12.00:beta:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:12.01:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:12.02:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:12.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:12.10:beta:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:12.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:12.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:12.13:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:12.14:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:12.15:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:15.00:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:15.00:next:*:*:*:*:*:* 1 OR
cpe:2.3:a:opera:opera_browser:16.00:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:google:android:*:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:P/I:N/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • NONE
  • Availability Impact
  • NONE
  • Base Score
  • 4.3
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 2.9
References
Reference URL Reference Tags
http://jvn.jp/en/jp/JVN23256725/index.html
http://blogs.opera.com/security/2014/01/security-changes-features-opera-19/ Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000014
http://www.securityfocus.com/bid/65391
https://exchange.xforce.ibmcloud.com/vulnerabilities/91090
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2014-0815
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0815
History
Created Old Value New Value Data Type Notes
2022-05-10 08:44:04 Added to TrackCVE
2022-12-01 21:49:52 2014-02-06T22:55Z 2014-02-06T22:55:03 CVE Published Date updated
2022-12-01 21:49:52 2017-08-29T01:34:15 CVE Modified Date updated
2022-12-01 21:49:52 Modified Vulnerability Status updated