CVE DATABASE / CVE-2009-3046
CVE-2009-3046
CVSS 7.5 · HIGH
Summary
Opera before 10.00 does not check all intermediate X.509 certificates for revocation, which makes it easier for remote SSL servers to bypass validation of the certificate chain via a revoked certificate.
CVSS 3.1 breakdown
| Base score | 7.5 (HIGH) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity | HIGH |
| Availability | NONE |
Weakness type (CWE)
Affected products
Opera opera browser
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://www.opera.com/docs/changelogs/freebsd/1000/
- http://www.opera.com/docs/changelogs/linux/1000/
- http://www.opera.com/docs/changelogs/mac/1000/
- http://www.opera.com/docs/changelogs/solaris/1000/
- http://www.opera.com/docs/changelogs/windows/1000/
- http://www.opera.com/support/kb/view/929/
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6357
Data: NIST NVD. NVD last modified 2026-04-23. Always verify against the vendor advisory before acting.