Information disclosure in Opera Opera_browser

CVE-2013-3210

Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain.

Vulnerability class: Information Disclosure

EPSS: 0.017 (73.6th percentile) — read the EPSS interpretation.

Affected products

Opera Opera_browser — versions 3.00, 3.10, 3.21
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM)