6.8

CVE-2013-1639

Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OperaOpera Browser Version <= 12.12
OperaOpera Browser Version12.00
OperaOpera Browser Version12.00 Updatebeta
OperaOpera Browser Version12.01
OperaOpera Browser Version12.02
OperaOpera Browser Version12.10
OperaOpera Browser Version12.10 Updatebeta
OperaOpera Browser Version12.11
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.49% 0.382
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

http://lists.opensuse.org/opensuse-updates/2013-02/msg00038.html
http://www.opera.com/docs/changelogs/unified/1213/
http://www.opera.com/support/kb/view/1045/
Vendor Advisory