CVE-2004-0371Heimdal vulnerability

6 documents6 sources
Severity
5.0MEDIUMNVD
EPSS
0.9%
top 23.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Heimdal Project HeimdalKTH Heimdal
Timeline
PublishedMay 4
Latest updateMay 3

Description

Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

Debianheimdal_project/heimdal< 0.6.1-1+3
NVDkth/heimdal9 versions+8

Patches

Patch: www.debian.orgPatch: www.debian.org

🔴Vulnerability Details

3
GHSA
GHSA-p2xx-mp65-2vff: Heimdal 02022-05-03
OSV
CVE-2004-0371: Heimdal 02004-05-04
CVEList
CVE-2004-0371: Heimdal 02004-04-06

📋Vendor Advisories

1
Debian
CVE-2004-0371: heimdal - Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly perform cert...2004
CVE-2004-0371 — KTH Heimdal vulnerability | cvebase