CVE-2009-3046

HIGH

Opera < 10.00 - Improper Certificate Validation

Title source: llm

Description

Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked certificate.

References (7)

Core 7

Core References

Broken Link, Vendor Advisory x_refsource_confirm

http://www.opera.com/docs/changelogs/freebsd/1000/

Broken Link, Vendor Advisory x_refsource_confirm

http://www.opera.com/support/kb/view/929/

Broken Link, Vendor Advisory x_refsource_confirm

http://www.opera.com/docs/changelogs/solaris/1000/

Broken Link, Vendor Advisory x_refsource_confirm

http://www.opera.com/docs/changelogs/linux/1000/

Broken Link, Vendor Advisory x_refsource_confirm

http://www.opera.com/docs/changelogs/windows/1000/

Broken Link vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6357

Broken Link, Vendor Advisory x_refsource_confirm

http://www.opera.com/docs/changelogs/mac/1000/

Scores

CVSS v3 7.5

EPSS 0.0014

EPSS Percentile 34.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-295

Status published

Products (1)

opera/opera_browser < 10.00

Published Sep 02, 2009

Tracked Since Feb 18, 2026