The SSL capability for Konqueror in KDE 3.0.2 and previous versions does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote malicious users to spoof the certificates of trusted sites via a man-in-the-middle attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
kde konqueror 2.2.2 |
||
kde konqueror 3.0 |
||
kde konqueror 3.0.1 |
||
kde konqueror 3.0.2 |
||
kde kde 3.0.1 |
||
kde kde 3.0.2 |
||
kde kde 2.2.2 |
||
kde kde 3.0 |