CVE-2011-0684
Opera < 11.01 - Information Disclosure via HTTP Response Manipulation
Title source: llmDescription
Opera before 11.01 does not properly handle redirections and unspecified other HTTP responses, which allows remote web servers to obtain sufficient access to local files to use these files as page resources, and consequently obtain potentially sensitive information from the contents of the files, via an unknown response manipulation.
References (9)
Core 9
Core References
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/windows/1101/
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0231
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/unix/1101/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/46036
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/mac/1101/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/70730
Vendor Advisory x_refsource_confirm
http://www.opera.com/support/kb/view/984/
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12296
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43023
Scores
EPSS
0.0085
EPSS Percentile
75.2%
Details
CWE
CWE-20
Status
published
Products (30)
opera/opera_browser
5.0 (8 CPE variants)
opera/opera_browser
5.02
opera/opera_browser
5.10
opera/opera_browser
5.11
opera/opera_browser
5.12
opera/opera_browser
6.0 (6 CPE variants)
opera/opera_browser
6.1 (2 CPE variants)
opera/opera_browser
6.01
opera/opera_browser
6.02
opera/opera_browser
6.03
... and 20 more
Published
Jan 31, 2011
Tracked Since
Feb 18, 2026