Certificate Validation Vulnerability in Konqueror Embedded and KDE 2.2.2 and Earlier
CVE-2003-0370
Currently unrated
Summary
Konqueror Embedded and KDE versions 2.2.2 and earlier have a significant flaw in how they validate the Common Name (CN) field in X.509 certificates. The flaw permits remote attackers to spoof certificates, potentially facilitating man-in-the-middle attacks. Users of these versions are at risk, because the lack of proper validation can lead to compromised communications and unauthorized access to sensitive information. Users should upgrade to a version that addresses this validation issue.