CVE-2013-1639

EUVD-2013-1670
Opera before 12.13 does not send CORS preflight requests in all required cases, which allows remote attackers to bypass a CSRF protection mechanism via a crafted web site that triggers a CORS request.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
Affected Products (NVD)
VendorProductVersion
operaopera_browser
𝑥
≤ 12.12
operaopera_browser
12.00
operaopera_browser
12.00:beta
operaopera_browser
12.01
operaopera_browser
12.02
operaopera_browser
12.10
operaopera_browser
12.10:beta
operaopera_browser
12.11
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2013-02/msg00038.html
http://www.opera.com/docs/changelogs/unified/1213/
http://www.opera.com/support/kb/view/1045/
http://lists.opensuse.org/opensuse-updates/2013-02/msg00038.html
http://www.opera.com/docs/changelogs/unified/1213/
http://www.opera.com/support/kb/view/1045/