Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
20 Nov 2024, 23:44
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html - | |
References | () http://www.debian.org/security/2003/dsa-361 - | |
References | () http://www.kde.org/info/security/advisory-20030602-1.txt - Patch, Vendor Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2003-192.html - Patch, Vendor Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2003-193.html - | |
References | () http://www.securityfocus.com/archive/1/320707 - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/7520 - | |
References | () http://www.turbolinux.com/security/TLSA-2003-36.txt - |
Information
Published : 2003-06-16 04:00
Updated : 2024-11-20 23:44
NVD link : CVE-2003-0370
Mitre link : CVE-2003-0370
CVE.ORG link : CVE-2003-0370
JSON object : View
Products Affected
redhat
- linux
apple
- safari
turbolinux
- turbolinux_workstation
- turbolinux_server
kde
- konqueror_embedded
- kde
CWE