6.8

CVSS Score

Basic Information

CVE ID

CVE-2016-10565

GHSA ID

GHSA-2wrq-wmqf-8vcc

EPSS Score

CWE

CWE-311

Published

2/18/2019

Updated

1/9/2023

KEV Status

Technology

JavaScript

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2016-10565

CVE-2016-10565:
Downloads Resources over HTTP in operadriver

operadriver is a Opera Driver for Selenium.

operadriver versions below 0.2.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.

Recommendation

Update to version 0.2.3 or later.

(GitHub Advisory)

6.8

CVSS Score

Basic Information

CVE ID

CVE-2016-10565

GHSA ID

GHSA-2wrq-wmqf-8vcc

EPSS Score

CWE

CWE-311

Published

2/18/2019

Updated

1/9/2023

KEV Status

Technology

JavaScript

Technical Details

CVSS Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
operadriver	npm	< 0.2.3	0.2.3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from insecure HTTP downloads of operadriver binaries. The most likely candidate is the function responsible for constructing/downloading these URLs. While exact commit data isn't available, the vulnerability pattern matches common driver installation implementations where URL protocols are hardcoded. The function handling download URL generation (likely named getDownloadUrl or similar in an installation module) would be the point of vulnerability when using HTTP. Confidence is medium due to inference from vulnerability description rather than explicit patch analysis.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

op*r**riv*r is * Op*r* *riv*r *or S*l*nium. op*r**riv*r v*rsions **low *.*.* *ownlo** *in*ry r*sour**s ov*r *TTP, w*i** l**v*s it vuln*r**l* to MITM *tt**ks. It m*y ** possi*l* to **us* r*mot* *o** *x**ution (R**) *y sw*ppin* out t** r*qu*st** *in*

Reasoning

T** vuln*r**ility st*ms *rom ins**ur* *TTP *ownlo**s o* op*r**riv*r *in*ri*s. T** most lik*ly **n*i**t* is t** *un*tion r*sponsi*l* *or *onstru*tin*/*ownlo**in* t**s* URLs. W*il* *x**t *ommit **t* isn't *v*il**l*, t** vuln*r**ility p*tt*rn m*t***s *o

6.8

Basic Information

Concerned about an active attack path?

CVE-2016-10565: Downloads Resources over HTTP in operadriver

Recommendation

6.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2016-10565:
Downloads Resources over HTTP in operadriver

Vulnerability Intelligence
Miggo AI