CVE-2013-3210
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
19/04/2013
Last modified:
11/04/2025
Description
Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:* | 12.14 (including) | |
| cpe:2.3:a:opera:opera_browser:3.00:*:*:*:*:*:*:* | ||
| cpe:2.3:a:opera:opera_browser:3.00:beta:*:*:*:*:*:* | ||
| cpe:2.3:a:opera:opera_browser:3.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:opera:opera_browser:3.21:*:*:*:*:*:*:* | ||
| cpe:2.3:a:opera:opera_browser:3.50:*:*:*:*:*:*:* | ||
| cpe:2.3:a:opera:opera_browser:3.51:*:*:*:*:*:*:* | ||
| cpe:2.3:a:opera:opera_browser:3.60:*:*:*:*:*:*:* | ||
| cpe:2.3:a:opera:opera_browser:3.61:*:*:*:*:*:*:* | ||
| cpe:2.3:a:opera:opera_browser:3.62:*:*:*:*:*:*:* | ||
| cpe:2.3:a:opera:opera_browser:3.62:beta:*:*:*:*:*:* | ||
| cpe:2.3:a:opera:opera_browser:4.00:*:*:*:*:*:*:* | ||
| cpe:2.3:a:opera:opera_browser:4.00:beta2:*:*:*:*:*:* | ||
| cpe:2.3:a:opera:opera_browser:4.00:beta3:*:*:*:*:*:* | ||
| cpe:2.3:a:opera:opera_browser:4.00:beta4:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page