CVE-2003-0370
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
79.6%
Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| apple | safari | 1.0 | cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:* |
| apple | safari | 1.0 | cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:* |
| kde | konqueror_embedded | 0.1 | cpe:2.3:a:kde:konqueror_embedded:0.1:*:*:*:*:*:*:* |
| kde | kde | * | cpe:2.3:o:kde:kde:*:*:*:*:*:*:*:* |
| redhat | linux | 7.1 | cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:* |
| redhat | linux | 7.2 | cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:* |
| turbolinux | turbolinux_server | 7.0 | cpe:2.3:o:turbolinux:turbolinux_server:7.0:*:*:*:*:*:*:* |
| turbolinux | turbolinux_server | 8.0 | cpe:2.3:o:turbolinux:turbolinux_server:8.0:*:*:*:*:*:*:* |
| turbolinux | turbolinux_workstation | 7.0 | cpe:2.3:o:turbolinux:turbolinux_workstation:7.0:*:*:*:*:*:*:* |
| turbolinux | turbolinux_workstation | 8.0 | cpe:2.3:o:turbolinux:turbolinux_workstation:8.0:*:*:*:*:*:*:* |
References
lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html
www.debian.org/security/2003/dsa-361
www.kde.org/info/security/advisory-20030602-1.txt
www.redhat.com/support/errata/RHSA-2003-192.html
www.redhat.com/support/errata/RHSA-2003-193.html
www.securityfocus.com/archive/1/320707
www.securityfocus.com/bid/7520
www.turbolinux.com/security/TLSA-2003-36.txt
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
79.6%