CVE-2014-0815

The intent: URL implementation in Opera before 18 on Android allows attackers to read local files by leveraging an interaction error, as demonstrated by reading stored cookies.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://jvn.jp/en/jp/JVN23256725/index.html
http://blogs.opera.com/security/2014/01/security-changes-features-opera-19/	Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000014
http://www.securityfocus.com/bid/65391
https://exchange.xforce.ibmcloud.com/vulnerabilities/91090

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:opera:opera_browser:15.00:next::::::
	cpe:2.3:a:opera:opera_browser:12.14:::::::*
	cpe:2.3:a:opera:opera_browser:12.01:::::::*
	cpe:2.3:a:opera:opera_browser:12.00:beta::::::
	cpe:2.3:a:opera:opera_browser:11.61:::::::*
	cpe:2.3:a:opera:opera_browser:11.60:beta::::::
	cpe:2.3:a:opera:opera_browser:11.10:beta::::::
	cpe:2.3:a:opera:opera_browser:11.10:::::::*
	cpe:2.3:a:opera:opera_browser:10.60:beta1::::::
	cpe:2.3:a:opera:opera_browser:10.60:alpha::::::
	cpe:2.3:a:opera:opera_browser:10.52:beta1::::::
	cpe:2.3:a:opera:opera_browser:12.11:::::::*
	cpe:2.3:a:opera:opera_browser:12.12:::::::*
	cpe:2.3:a:opera:opera_browser:10.53:b::::::
	cpe:2.3:a:opera:opera_browser:10.10:::::::*
	cpe:2.3:a:opera:opera_browser:10.50:::::::*
	cpe:2.3:a:opera:opera_browser:12.13:::::::*
	cpe:2.3:a:opera:opera_browser:11.50:beta::::::
	cpe:2.3:a:opera:opera_browser:16.00:::::::*
	cpe:2.3:a:opera:opera_browser::::::::
	cpe:2.3:a:opera:opera_browser:11.52:::::::*
	cpe:2.3:a:opera:opera_browser:10.20:alpha::::::
	cpe:2.3:a:opera:opera_browser:11.51:::::::*
	cpe:2.3:a:opera:opera_browser:10.52:::::::*
	cpe:2.3:a:opera:opera_browser:12.10:beta::::::
	cpe:2.3:a:opera:opera_browser:10.53:beta1::::::
	cpe:2.3:a:opera:opera_browser:11.65:::::::*
	cpe:2.3:a:opera:opera_browser:10.00:alpha::::::
	cpe:2.3:a:opera:opera_browser:10.00:beta1::::::
	cpe:2.3:a:opera:opera_browser:11.66:::::::*
	cpe:2.3:a:opera:opera_browser:10.63:::::::*
	cpe:2.3:a:opera:opera_browser:10.01:::::::*
	cpe:2.3:a:opera:opera_browser:11.00:::::::*
	cpe:2.3:a:opera:opera_browser:11.52.1100:::::::*
	cpe:2.3:a:opera:opera_browser:11.67:::::::*
	cpe:2.3:a:opera:opera_browser:11.50:::::::*
	cpe:2.3:a:opera:opera_browser:10.61:::::::*
	cpe:2.3:a:opera:opera_browser:10.52:beta2::::::
	cpe:2.3:a:opera:opera_browser:1.00:::::::*
	cpe:2.3:a:opera:opera_browser:10.00:::::::*
	cpe:2.3:a:opera:opera_browser:11.60:::::::*
	cpe:2.3:a:opera:opera_browser:10.62:::::::*
	cpe:2.3:a:opera:opera_browser:15.00:::::::*
	cpe:2.3:a:opera:opera_browser:10.00:beta3::::::
	cpe:2.3:a:opera:opera_browser:10.51:::::::*
	cpe:2.3:a:opera:opera_browser:12.02:::::::*
	cpe:2.3:a:opera:opera_browser:10.54:::::::*
	cpe:2.3:a:opera:opera_browser:12.15:::::::*
	cpe:2.3:a:opera:opera_browser:11.62:::::::*
	cpe:2.3:a:opera:opera_browser:10.11:::::::*
	cpe:2.3:a:opera:opera_browser:10.50:beta1::::::
	cpe:2.3:a:opera:opera_browser:10.53:::::::*
	cpe:2.3:a:opera:opera_browser:12.00:::::::*
	cpe:2.3:a:opera:opera_browser:11.00:beta::::::
	cpe:2.3:a:opera:opera_browser:11.01:::::::*
	cpe:2.3:a:opera:opera_browser:10.00:beta2::::::
	cpe:2.3:a:opera:opera_browser:10.50:beta2::::::
	cpe:2.3:a:opera:opera_browser:10.60:::::::*
	cpe:2.3:a:opera:opera_browser:10.10:beta1::::::
	cpe:2.3:a:opera:opera_browser:11.11:::::::*
	cpe:2.3:a:opera:opera_browser:12.10:::::::*
	cpe:2.3:a:opera:opera_browser:11.64:::::::*

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

Information

Published : 2014-02-06 14:55

Updated : 2017-08-28 18:34

NVD link : CVE-2014-0815

Mitre link : CVE-2014-0815

JSON object : View

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Products Affected

google

android

opera

opera_browser

4.3 /10