Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2002-0970
Last Modified 05 Sep 2008 04:29:25
Published 24 Sep 2002 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0970

Summary

The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.

Vulnerable Systems

Operating System

  • KDE 2.2.2

  • KDE 3.0

  • KDE 3.0.1

  • KDE 3.0.2

Application

  • KDE Konqueror 2.2.2

  • KDE Konqueror 3.0

  • KDE Konqueror 3.0.1

  • KDE Konqueror 3.0.2


References

BID - 5410

DEBIAN - DSA-155

XF - ssl-ca-certificate-spoofing(9776)

CONFIRM - http://www.kde.org/info/security/advisory-20020818-1.txt

BUGTRAQ - 20020812 Re: IE SSL Vulnerability (Konqueror affected too)

REDHAT - RHSA-2002:221

REDHAT - RHSA-2002:220

MANDRAKE - MDKSA-2002:058

CONECTIVA - CLA-2002:519

BUGTRAQ - 20020818 KDE Security Advisory: Konqueror SSL vulnerability

CALDERA - CSSA-2002-047.0


Last Updated: 27 May 2016 10:37:08