Vulnerability Description
KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| KDE | Konqueror | 3.5.5 |
References
- http://nils.toedtmann.net/pub/subjectAltName.txt
- http://securityreason.com/securityalert/3498
- http://www.securityfocus.com/archive/1/483929/100/100/threaded
- http://www.securityfocus.com/archive/1/483937/100/100/threaded
- http://www.securityfocus.com/archive/1/483960/100/100/threaded
FAQ
What is CVE-2007-6591?
CVE-2007-6591 is a vulnerability with a CVSS score of 4.3 (MEDIUM). KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
How severe is CVE-2007-6591?
CVE-2007-6591 has been rated MEDIUM with a CVSS base score of 4.3/10. The practical impact is that a certificate exception granted for one host name is silently extended to every dNSName in the certificate's subjectAltName extension, names the user was never shown.
Is there a patch for CVE-2007-6591?
Check the references section above for vendor advisories and patch information. Affected products include: KDE Konqueror.