CVE-2008-4696 [中] | XSS（Opera）

CVE-2008-4696 は悪用リスクが高い（62.6/100）。CVSS 深刻度は中。悪用される可能性が高い（EPSS 62.12%、98 パーセンタイル）公開エクスプロイトが 4 件参照されています（Exploit-DB）。公開エクスプロイトが確認されています。影響範囲の確認、緩和策の適用、パッチ適用を優先してください。

EDB-ID	ソース	種別	公開	リンク
16304	exploit_db	edb	2010-11-11	Exploit-DB ↗
9944	exploit_db	edb	2008-10-23	Exploit-DB ↗
6801	exploit_db	edb	2008-10-22	Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗

EDB-ID

ソース

種別

公開

リンク

16304

exploit_db

edb

2010-11-11

Exploit-DB ↗

9944

exploit_db

edb

2008-10-23

Exploit-DB ↗

6801

exploit_db

edb

2008-10-22

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

#	日付	旧 EPSS スコア	新 EPSS スコア	Δ（新 − 旧）
1	2025-03-30	66.08%	62.12%	-3.96%
2	2025-03-29	62.12%	66.08%	+3.96%
3	2025-03-17	—	62.12%	—

日付

旧 EPSS スコア

新 EPSS スコア

Δ（新 − 旧）

2025-03-30

66.08%

62.12%

-3.96%

2025-03-29

62.12%

66.08%

+3.96%

2025-03-17

—

62.12%

—

ベーススコア	バージョン	深刻度	ベクトル	悪用しやすさ	影響	スコアの出典
4.3	2.0	MEDIUM	`AV:N/AC:M/Au:N/C:N/I:P/A:N` クリックして展開アクセス経路 (AV:N) ルーティング可能なネットワーク越しに、遠隔から到達・悪用しうる。アクセスの複雑さ (AC:M) 多少の有利条件は要るが、極端なレアケースではない。認証 (AU:N) 認証を経ずに攻撃を完結できる。機密性への影響 (C:N) 機密性は損なわれない。完全性への影響 (I:P) 完全性は部分的に損なわれる。可用性への影響 (A:N) 可用性は損なわれない。	8.6	2.9	[email protected]

ベーススコア

バージョン

深刻度

ベクトル

悪用しやすさ

影響

スコアの出典

4.3

2.0

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N クリックして展開

アクセス経路 (AV:N): ルーティング可能なネットワーク越しに、遠隔から到達・悪用しうる。
アクセスの複雑さ (AC:M): 多少の有利条件は要るが、極端なレアケースではない。
認証 (AU:N): 認証を経ずに攻撃を完結できる。
機密性への影響 (C:N): 機密性は損なわれない。
完全性への影響 (I:P): 完全性は部分的に損なわれる。
可用性への影響 (A:N): 可用性は損なわれない。

8.6

2.9

[email protected]

CVE-2008-4696 の OS トラッカー

vendor	priority	summary	link
`gentoo`	normal	CVE-2008-4696: 1 GLSA(s) (200811-01), 1 atom(s) (www-client/opera); latest impact normal.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2008-4696
`ubuntu`	low	CVE-2008-4696 low priority: Ubuntu including 1 source packages (opera), 5 status rows across 5 suites (dapper, gutsy, hardy, intrepid, upstream): DNE 4, released 1.	https://ubuntu.com/security/CVE-2008-4696

CVE-2008-4696 の影響を受けるソフトウェア／構成

ベンダー	製品	バージョン	生の CPE
opera	opera	—	cpe:2.3:a:opera:opera::::::::
opera	opera	<= 9.6	cpe:2.3:a:opera:opera::::::::
opera	opera	5..10	cpe:2.3:a:opera:opera:5..10:::::::*
opera	opera	5.0	cpe:2.3:a:opera:opera:5.0:::::::*
opera	opera	5.1	cpe:2.3:a:opera:opera:5.1:::::::*
opera	opera	5.2	cpe:2.3:a:opera:opera:5.2:::::::*
opera	opera	5.3	cpe:2.3:a:opera:opera:5.3:::::::*
opera	opera	5.4	cpe:2.3:a:opera:opera:5.4:::::::*
opera	opera	5.5	cpe:2.3:a:opera:opera:5.5:::::::*
opera	opera	5.6	cpe:2.3:a:opera:opera:5.6:::::::*
opera	opera	5.7	cpe:2.3:a:opera:opera:5.7:::::::*
opera	opera	5.8	cpe:2.3:a:opera:opera:5.8:::::::*
opera	opera	5.9	cpe:2.3:a:opera:opera:5.9:::::::*
opera	opera	5.11	cpe:2.3:a:opera:opera:5.11:::::::*
opera	opera	5.12	cpe:2.3:a:opera:opera:5.12:::::::*
opera	opera	6	cpe:2.3:a:opera:opera:6:beta_1::::::
opera	opera	6.0	cpe:2.3:a:opera:opera:6.0:::::::*
opera	opera	6.01	cpe:2.3:a:opera:opera:6.01:::::::*
opera	opera	6.02	cpe:2.3:a:opera:opera:6.02:::::::*
opera	opera	6.03	cpe:2.3:a:opera:opera:6.03:::::::*
opera	opera	6.04	cpe:2.3:a:opera:opera:6.04:::::::*
opera	opera	6.05	cpe:2.3:a:opera:opera:6.05:::::::*
opera	opera	6.06	cpe:2.3:a:opera:opera:6.06:::::::*
opera	opera	7	cpe:2.3:a:opera:opera:7:beta_1::::::
opera	opera	7	cpe:2.3:a:opera:opera:7:beta_1.2::::::
opera	opera	7.0	cpe:2.3:a:opera:opera:7.0:::::::*
opera	opera	7.0	cpe:2.3:a:opera:opera:7.0:beta_2::::::
opera	opera	7.01	cpe:2.3:a:opera:opera:7.01:::::::*
opera	opera	7.02	cpe:2.3:a:opera:opera:7.02:::::::*
opera	opera	7.03	cpe:2.3:a:opera:opera:7.03:::::::*
opera	opera	7.10	cpe:2.3:a:opera:opera:7.10:::::::*
opera	opera	7.11	cpe:2.3:a:opera:opera:7.11:::::::*
opera	opera	7.20	cpe:2.3:a:opera:opera:7.20:::::::*
opera	opera	7.20	cpe:2.3:a:opera:opera:7.20:beta7::::::
opera	opera	7.21	cpe:2.3:a:opera:opera:7.21:::::::*
opera	opera	7.22	cpe:2.3:a:opera:opera:7.22:::::::*
opera	opera	7.23	cpe:2.3:a:opera:opera:7.23:::::::*
opera	opera	7.50	cpe:2.3:a:opera:opera:7.50:::::::*
opera	opera	7.50	cpe:2.3:a:opera:opera:7.50:beta_1::::::
opera	opera	7.51	cpe:2.3:a:opera:opera:7.51:::::::*
opera	opera	7.52	cpe:2.3:a:opera:opera:7.52:::::::*
opera	opera	7.53	cpe:2.3:a:opera:opera:7.53:::::::*
opera	opera	7.54	cpe:2.3:a:opera:opera:7.54:::::::*
opera	opera	7.54	cpe:2.3:a:opera:opera:7.54:update_1::::::
opera	opera	7.54	cpe:2.3:a:opera:opera:7.54:update_2::::::
opera	opera	8.0	cpe:2.3:a:opera:opera:8.0:::::::*
opera	opera	8.0	cpe:2.3:a:opera:opera:8.0:beta_1::::::
opera	opera	8.0	cpe:2.3:a:opera:opera:8.0:beta_2::::::
opera	opera	8.0	cpe:2.3:a:opera:opera:8.0:beta_3::::::
opera	opera	8.01	cpe:2.3:a:opera:opera:8.01:::::::*
opera	opera	8.02	cpe:2.3:a:opera:opera:8.02:::::::*
opera	opera	8.50	cpe:2.3:a:opera:opera:8.50:::::::*
opera	opera	8.51	cpe:2.3:a:opera:opera:8.51:::::::*
opera	opera	8.52	cpe:2.3:a:opera:opera:8.52:::::::*
opera	opera	8.53	cpe:2.3:a:opera:opera:8.53:::::::*
opera	opera	8.54	cpe:2.3:a:opera:opera:8.54:::::::*
opera	opera	9.0	cpe:2.3:a:opera:opera:9.0:::::::*
opera	opera	9.0	cpe:2.3:a:opera:opera:9.0:beta_1::::::
opera	opera	9.0	cpe:2.3:a:opera:opera:9.0:beta_2::::::
opera	opera	9.01	cpe:2.3:a:opera:opera:9.01:::::::*
opera	opera	9.02	cpe:2.3:a:opera:opera:9.02:::::::*
opera	opera	9.10	cpe:2.3:a:opera:opera:9.10:::::::*
opera	opera	9.20	cpe:2.3:a:opera:opera:9.20:::::::*
opera	opera	9.20	cpe:2.3:a:opera:opera:9.20:beta_1::::::
opera	opera	9.21	cpe:2.3:a:opera:opera:9.21:::::::*
opera	opera	9.22	cpe:2.3:a:opera:opera:9.22:::::::*
opera	opera	9.23	cpe:2.3:a:opera:opera:9.23:::::::*
opera	opera	9.24	cpe:2.3:a:opera:opera:9.24:::::::*
opera	opera	9.25	cpe:2.3:a:opera:opera:9.25:::::::*
opera	opera	9.26	cpe:2.3:a:opera:opera:9.26:::::::*
opera	opera	9.27	cpe:2.3:a:opera:opera:9.27:::::::*
opera	opera	9.50	cpe:2.3:a:opera:opera:9.50:::::::*
opera	opera	9.50	cpe:2.3:a:opera:opera:9.50:beta_2::::::
opera	opera	9.51	cpe:2.3:a:opera:opera:9.51:::::::*

CVE-2008-4696 の参考情報

URL	タグ
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html
http://secunia.com/advisories/32299	Vendor Advisory
http://secunia.com/advisories/32394
http://secunia.com/advisories/32538
http://security.gentoo.org/glsa/glsa-200811-01.xml
http://securityreason.com/securityalert/4504
http://www.openwall.com/lists/oss-security/2008/10/21/6
http://www.openwall.com/lists/oss-security/2008/10/22/5
http://www.opera.com/docs/changelogs/freebsd/961/	Patch
http://www.opera.com/docs/changelogs/linux/961/	Patch
http://www.opera.com/docs/changelogs/mac/961/	Patch
http://www.opera.com/docs/changelogs/solaris/961/
http://www.opera.com/docs/changelogs/windows/961/
http://www.opera.com/support/search/view/903/	Vendor Advisory
http://www.security-assessment.com/files/advisories/2008-10-22_Opera_Stored_Cross_Site_Scripting.pdf
http://www.securityfocus.com/archive/1/497646/100/0/threaded
http://www.securityfocus.com/bid/31869	Exploit Patch
http://www.vupen.com/english/advisories/2008/2873
https://exchange.xforce.ibmcloud.com/vulnerabilities/46003
https://www.exploit-db.com/exploits/6801

URL

タグ

http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00009.html

http://secunia.com/advisories/32299

Vendor Advisory

http://secunia.com/advisories/32394

http://secunia.com/advisories/32538

http://security.gentoo.org/glsa/glsa-200811-01.xml

http://securityreason.com/securityalert/4504

http://www.openwall.com/lists/oss-security/2008/10/21/6

http://www.openwall.com/lists/oss-security/2008/10/22/5

http://www.opera.com/docs/changelogs/freebsd/961/