CVE-2014-3494

kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html
http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=bbae87dc1be3ae063796a582774bd5642cacdd5d&hp=1ccdb43ed3b32a7798eec6d39bb3c83a6e40228f	Exploit Patch
http://www.kde.org/info/security/advisory-20140618-1.txt	Vendor Advisory
http://www.securityfocus.com/bid/68113

Configurations

Configuration 1 (hide)

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:kde:kdelibs:4.10.97:::::::*
	cpe:2.3:a:kde:kdelibs:4.11.0:::::::*
	cpe:2.3:a:kde:kdelibs:4.11.1:::::::*
	cpe:2.3:a:kde:kdelibs:4.11.2:::::::*
	cpe:2.3:a:kde:kdelibs:4.11.3:::::::*
	cpe:2.3:a:kde:kdelibs:4.11.4:::::::*
	cpe:2.3:a:kde:kdelibs:4.11.5:::::::*
	cpe:2.3:a:kde:kdelibs:4.11.80:::::::*
	cpe:2.3:a:kde:kdelibs:4.11.90:::::::*
	cpe:2.3:a:kde:kdelibs:4.11.95:::::::*
	cpe:2.3:a:kde:kdelibs:4.11.97:::::::*
	cpe:2.3:a:kde:kdelibs:4.12.0:::::::*
	cpe:2.3:a:kde:kdelibs:4.12.1:::::::*
	cpe:2.3:a:kde:kdelibs:4.12.2:::::::*
	cpe:2.3:a:kde:kdelibs:4.12.3:::::::*
	cpe:2.3:a:kde:kdelibs:4.12.4:::::::*
	cpe:2.3:a:kde:kdelibs:4.12.5:::::::*
	cpe:2.3:a:kde:kdelibs:4.12.80:::::::*
	cpe:2.3:a:kde:kdelibs:4.12.90:::::::*
	cpe:2.3:a:kde:kdelibs:4.12.95:::::::*
	cpe:2.3:a:kde:kdelibs:4.12.97:::::::*
	cpe:2.3:a:kde:kdelibs:4.13.0:::::::*
	cpe:2.3:a:kde:kdelibs:4.13.1:::::::*

History

No history.

Information

Published : 2014-07-01 16:55

Updated : 2024-02-04 18:35

NVD link : CVE-2014-3494

Mitre link : CVE-2014-3494

CVE.ORG link : CVE-2014-3494

JSON object : View

Products Affected

kde

kdelibs

opensuse

opensuse

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2014-3494", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-07-01T16:55:02.980", "references": [{"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html", "source": "secalert@redhat.com"}, {"url": "http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=bbae87dc1be3ae063796a582774bd5642cacdd5d&hp=1ccdb43ed3b32a7798eec6d39bb3c83a6e40228f", "tags": ["Exploit", "Patch"], "source": "secalert@redhat.com"}, {"url": "http://www.kde.org/info/security/advisory-20140618-1.txt", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/68113", "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate."}, {"lang": "es", "value": "kio/usernotificationhandler.cpp en POP3 kioslave en kdelibs 4.10.95 anterior a 4.13.3 no genera debidamente notificaciones de aviso, lo que permite a atacantes man-in-the-middle obtener informaci\u00f3n sensible a trav\u00e9s de un certificado inv\u00e1lido."}], "lastModified": "2018-10-30T16:27:34.687", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kde:kdelibs:4.10.97:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B34C3204-4A63-4490-ABED-AF83CE3F37E0"}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39EAE85E-BF52-45EA-82D8-BBBC0DE9759C"}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B4D1998-D62F-4D0E-8E6C-33D4760BE69D"}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.11.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13CD2D8F-32F6-4AC4-B43C-506724EA6E38"}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.11.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4733C600-C5D6-4A5D-A1DF-1F41597F6926"}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.11.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC7EBD3A-EDFC-4B8F-9095-5E0670AF991E"}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.11.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55EC512F-3F86-40DA-AA7B-034DA9B5DBA3"}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.11.80:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08FF236F-A7D5-4D08-8885-BD1889B0D398"}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.11.90:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F5EDED4-34A3-4D2B-A9E7-D980D78E10EA"}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.11.95:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46457BB9-BD24-4437-AFDA-01D25E52410E"}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.11.97:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52A2D11C-26D2-47F1-9D34-60DB3116C39E"}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A58204C3-0DEC-462B-A6B8-5EC1D9B65729"}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.12.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C767A89D-BA45-4730-BA2D-AAC2BA7436E0"}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.12.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A5FC4CC-DC0C-44D8-AAF6-A15CF7E6BD5C"}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.12.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24629660-4066-4362-AD77-080604488303"}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.12.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "718095EE-ADEC-4E28-B678-DA3D636BBE32"}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.12.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA3E3729-298F-43C3-9BE0-82072FE47F9B"}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.12.80:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6FC3277-8410-437F-813A-63254E983A5F"}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.12.90:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88E2B874-46DF-4A95-9541-14CF70E2A73D"}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.12.95:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A593BA6-D3B2-48EE-AC9E-B84967D03B37"}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.12.97:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14034B30-9DE0-43EE-A79D-D4FC624D6C86"}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.13.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A34BC1E-102D-43EF-A7BD-46E9866B07ED"}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.13.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90E66075-D997-4C6D-94AA-DE224B12BB2D"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}