CVE-2014-3494

Published: 01/07/2014 Updated: 30/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.

Vulnerable Product

opensuse opensuse 13.1

kde kdelibs 4.11.5

kde kdelibs 4.11.90

kde kdelibs 4.12.4

kde kdelibs 4.11.95

kde kdelibs 4.11.97

kde kdelibs 4.12.0

kde kdelibs 4.12.1

kde kdelibs 4.12.2

kde kdelibs 4.11.0

kde kdelibs 4.11.1

kde kdelibs 4.11.2

kde kdelibs 4.11.3

kde kdelibs 4.12.90

kde kdelibs 4.12.95

kde kdelibs 4.12.97

kde kdelibs 4.13.0

kde kdelibs 4.12.80

kde kdelibs 4.13.1

kde kdelibs 4.10.97

kde kdelibs 4.11.4

kde kdelibs 4.11.80

kde kdelibs 4.12.3

kde kdelibs 4.12.5

Vendor Advisories

Debian Bug report logs - #752052
kde4libs: CVE-2014-3494: POP3 kioslave silently accepted invalid SSL certificates
Package: src:kde4libs; Maintainer for src:kde4libs is Debian/Kubuntu Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 19 Jun 2014 06:12 ...

kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate ...