vulnerability note CVE-2009-3555

Opera: two vulnerabilities

Synthesis of the vulnerability

Two vulnerabilities were announced in Opera. The first one can be used to inject data in a TLS session.

Severity: 2/4. Creation date: 02/03/2010.

Description of the vulnerability

Two vulnerabilities were announced in Opera. A remote attacker can use a vulnerability of TLS in order to insert pain text data during a renegotiation via a man-in-the-middle attack (VIGILANCE-VUL-9181). [severity:2/4; BID-36935, CVE-2009-3555, VU#120541, >] Another vulnerability was announced, but its technical details are unknown. [severity:2/4; >]

Complete Vigil@nce bulletin

Access to the complete Vigil@nce bulletin

Characteristics

Title: Opera: two vulnerabilities. Keywords: 120541 Opera TLS vulnerabilities. Identifiers: BID-36935, CVE-2009-3555, VIGILANCE-VUL-9484, VU#120541.

Information sources

Publications and announces Source example: Opera 10.50 (with Opera Widgets for Desktop) for Windows changelog (Final)

Solutions for this vulnerability

Patch or workaround

Supplements

Vulnerability : TLS A remote attacker can use a vulnerability of TLS in order to insert pain text data during a renegotiation via a man-in-the-middle attack (VIGILANCE-VUL-9181). Severity: 2/4. Identifiers: BID-36935, CVE-2009-3555, VU#120541. Publications and announces Source example: Advisory: TLS protocol vulnerable to Man In The Middle attack

Vulnerability : moderately severe Another vulnerability was announced, but its technical details are unknown. Severity: 2/4.

Computer vulnerabilities tracking service

The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Technology watch team on vulnerabilities