CVE-2003-0370

6 documents5 sources

Severity

7.5HIGH

EPSS

0.9%

top 23.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

KDE KDE Apple Safari KDE Konqueror Embedded +3 more

Timeline

PublishedJun 16

Latest updateApr 29

Description

Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages6 packages

▶NVDkde/konqueror_embedded0.1

▶NVDkde/kde2.2.2

▶NVDapple/safari1.0

▶NVDredhat/linux7.1, 7.2+1

▶NVDturbolinux/turbolinux_server7.0, 8.0+1

Patches

Patch: www.kde.org ↗Patch: www.redhat.com ↗Patch: www.kde.org ↗

🔴Vulnerability Details

GHSA

GHSA-9cxf-vv6j-h6r9: Konqueror Embedded and KDE 2↗2022-04-29

▶

CVEList

CVE-2003-0370: Konqueror Embedded and KDE 2↗2003-06-05

▶

📋Vendor Advisories

Red Hat

security flaw↗2003-06-02

▶

💬Community

Bugzilla

CVE-2003-0370 security flaw↗2018-08-16

▶

Bugzilla

CAN-2003-0370 KDE SSL CA checking implementation vulnerability↗2003-06-03

▶