Vulnerability Description
Konqueror Embedded and KDE 2.2.2 and earlier do not validate the Common Name (CN) field for X.509 certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Safari | 1.0 |
| Kde | Konqueror Embedded | 0.1 |
| Kde | Kde | <= 2.2.2 |
| Redhat | Linux | 7.1 |
| Turbolinux | Turbolinux Server | 7.0 |
| Turbolinux | Turbolinux Workstation | 7.0 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html
- http://www.debian.org/security/2003/dsa-361
- http://www.kde.org/info/security/advisory-20030602-1.txt (Patch, Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2003-192.html (Patch, Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2003-193.html
- http://www.securityfocus.com/archive/1/320707 (Vendor Advisory)
- http://www.securityfocus.com/bid/7520
- http://www.turbolinux.com/security/TLSA-2003-36.txt
FAQ
What is CVE-2003-0370?
CVE-2003-0370 is a vulnerability with a CVSS score of 7.5 (HIGH). Konqueror Embedded and KDE 2.2.2 and earlier do not validate the Common Name (CN) field for X.509 certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attac...
How severe is CVE-2003-0370?
CVE-2003-0370 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2003-0370?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Safari, Kde Konqueror Embedded, Kde Kde, Redhat Linux, Turbolinux Turbolinux Server.