CVE-2003-0370

2003-06-1604:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

konqueror

kde

validation issue

x.509 certificates

man-in-the-middle attack

security vulnerability

6.4 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.5%

JSON

Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.

CPENameOperatorVersion
apple:safariapple safarieq1.0
kde:konqueror_embeddedkde konqueror embeddedeq0.1
redhat:linuxredhat linuxeq7.2
turbolinux:turbolinux_serverturbolinux turbolinux servereq7.0
turbolinux:turbolinux_workstationturbolinux turbolinux workstationeq7.0
turbolinux:turbolinux_workstationturbolinux turbolinux workstationeq8.0
kde:kdekdele2.2.2
turbolinux:turbolinux_serverturbolinux turbolinux servereq8.0
redhat:linuxredhat linuxeq7.1

CPE	Name	Operator	Version
apple:safari	apple safari	eq	1.0
kde:konqueror_embedded	kde konqueror embedded	eq	0.1
redhat:linux	redhat linux	eq	7.2
turbolinux:turbolinux_server	turbolinux turbolinux server	eq	7.0
turbolinux:turbolinux_workstation	turbolinux turbolinux workstation	eq	7.0
turbolinux:turbolinux_workstation	turbolinux turbolinux workstation	eq	8.0
kde:kde	kde	le	2.2.2
turbolinux:turbolinux_server	turbolinux turbolinux server	eq	8.0
redhat:linux	redhat linux	eq	7.1