CVE-2007-6591
published 2007-12-28CVE-2007-6591: KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as…
PriorityP414medium4.3CVSS 2.0
AVNACMAuNCPINAN
EPSS
0.82%
52.7th percentile
KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kde | konqueror | — | — |
| kde | konqueror | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
konqueror: Certificate accepted for alt names, when only common name is shown
vendor_redhat·2007-11-18·CVSS 4.3
CVE-2007-6591 [MEDIUM] CWE-451 konqueror: Certificate accepted for alt names, when only common name is shown
konqueror: Certificate accepted for alt names, when only common name is shown
KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Package: kdebase (Re
GHSA
GHSA-v2mp-wwpv-88m2: KDE Konqueror 3
ghsa_unreviewed·2022-05-01
CVE-2007-6591 [MEDIUM] GHSA-v2mp-wwpv-88m2: KDE Konqueror 3
KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
No detection rules found.
No public exploits indexed.
http://nils.toedtmann.net/pub/subjectAltName.txthttp://securityreason.com/securityalert/3498http://www.securityfocus.com/archive/1/483929/100/100/threadedhttp://www.securityfocus.com/archive/1/483937/100/100/threadedhttp://www.securityfocus.com/archive/1/483960/100/100/threadedhttp://nils.toedtmann.net/pub/subjectAltName.txthttp://securityreason.com/securityalert/3498http://www.securityfocus.com/archive/1/483929/100/100/threadedhttp://www.securityfocus.com/archive/1/483937/100/100/threadedhttp://www.securityfocus.com/archive/1/483960/100/100/threaded
2007-12-28
Published