Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2003-0370
Last Modified 10 Sep 2008 03:18:47
Published 16 Jun 2003 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0370

Summary

Konqueror Embedded and KDE 2.2.2 and earlier do not validate the Common Name (CN) field for X.509 certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.

Vulnerable Systems

Operating System

  • KDE 2.2.2

  • Red Hat Linux 7.1

  • Red Hat Linux 7.2

  • Turbolinux Server 7.0

  • Turbolinux Server 8.0

  • Turbolinux Workstation 7.0

  • Turbolinux Workstation 8.0

Application

  • Apple Safari 1.0

  • KDE Konqueror Embedded 0.1


References

REDHAT - RHSA-2003:192

CONFIRM - http://www.kde.org/info/security/advisory-20030602-1.txt

TURBO - TLSA-2003-36

BUGTRAQ - 20030507 Problem: Multiple Web Browsers do not do not validate CN on certificates.

REDHAT - RHSA-2003:193

DEBIAN - DSA-361

FULLDISC - 20030510 [forward]Apple Safari and Konqueror Embedded Common Name Verification Vulnerability

BID - 7520


Last Updated: 27 May 2016 10:37:53