Info

Disclosure

May 25, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Opera contains a flaw that is triggered by a failure to properly validate X.509 SSL certificates. This may make it easier for an attacker to perform a man-in-the-middle attack.

Classification

Location: Remote / Network Access
Attack Type: Cryptographic, Information Disclosure
Impact: Loss of Confidentiality
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Upgrade to version 9.63 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Opera Software ASA

Opera

9.62

References

CVE ID: 2012-1251 (see also: NVD)
Other Advisory URL: http://jvn.jp/en/jp/JVN39707339/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000049
Vendor Specific News/Changelog Entry: http://www.opera.com/docs/changelogs/mac/963/
http://www.opera.com/docs/changelogs/unix/963/
http://www.opera.com/docs/changelogs/windows/963/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/82726