CVE-2002-0970

Published: 24/09/2002 Updated: 10/10/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The SSL capability for Konqueror in KDE 3.0.2 and previous versions does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote malicious users to spoof the certificates of trusted sites via a man-in-the-middle attack.

Vulnerable Product

kde konqueror 2.2.2

kde konqueror 3.0

kde konqueror 3.0.1

kde konqueror 3.0.2

kde kde 3.0.1

kde kde 3.0.2

kde kde 2.2.2

kde kde 3.0

Vendor Advisories

Debian Bug report logs - #517791 CVE-2009-0653: missing verification
Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Source for openssl is src:openssl. Reported by: Steffen Joeris <steffen.joeris@skolelinux.de> Date: Mon, 2 Mar 2009 02 ...

Due to a security engineering oversight, the SSL library from KDE, which Konqueror uses, doesn't check whether an intermediate certificate for a connection is signed by the certificate authority as safe for the purpose, but accepts it when it is signed. This makes it possible for anyone with a valid VeriSign SSL site certificate to forge any other ...