ID

VAR-200209-0010


CVE

CVE-2002-0970


TITLE

KDE of Konqueror Vulnerability in Forged Trusted Site Certificate Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2002-000295

DESCRIPTION

The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack. ------------ This vulnerability information is a summary of multiple vulnerabilities released at the same time. Please note that the contents of vulnerability information other than the title are included. ------------ * KDE Is X Window System It is a comprehensive desktop environment developed for use. * Red Hat Linux Implemented in KDE 2.x , 3.x Has several security issues: 1. KDE 3.0.2 Included with Web browser Konqueror of SSL There is a problem that the site that is not functional and treats an untrusted site as a trusted site. 2. KDE 3.0 From 3.0.2 of Konqueror In Cookie of secure There is a flaw that does not detect the flag, Cookie There is a problem that leaks. 3. KDE 3.0.3 previous Konqueror Has a problem with cross-site scripting attacks. 4. KDE 3.0.1 Implemented from kpf There is a problem with a file that allows a local attacker to view an arbitrary file. 5. KDE 2.x From 3.0.4 In rlogin Protocol and telnet There is a flaw in the implementation of the protocol that can be exploited by remote and local attackers KDE There is a problem that arbitrary code is executed with the execution right. 6. KDE LAN Provide browsing function resLISa There is a buffer overflow problem, LISa Has a privilege escalation problem. (LISa The service is disabled by default )Please refer to the “Overview” for the impact of this vulnerability. A flaw has been reported in the handling of X.509 certificates by a number of products, including several web browsers. It may be possible for a malicious party to create certificates for arbitrary domains, which will be treated as trusted by the vulnerable browser. The flaw lies in the handling of intermediate certificate authorities. Normally, intermediate certificates should possess a Basic Constraints field which states the certificate may be used as a signing authority. Vulnerable products do not require the Basic Constraints field be properly defined. A malicious party with one valid certificate may sign a new certificate for an arbitrary domain. This may allow the attacker to spoof a sensitive domain, or to attempt a man-in-the-middle attack against encrypted communications. This vulnerability was originally reported in Microsoft's Internet Explorer web browser. It has been reported that, in the case of Microsoft Internet Explorer, the flaw lies in some cryptographic functions implemented in the operating system. It should be noted that this flaw has not been reported in the Cryptographic API included with Microsoft Windows. Reports state that IIS 5.0 under Windows 2000 is also vulnerable. In this case, client certificate chains are not properly verified. Attackers may exploit this vulnerability to bypass some authentication schemes. Versions 3.0.2 and earlier are vulnerable. ** A report suggests that the patch issued by Microsoft may not fully protect against this vulnerability. It may be possible that a malicious site using an invalid certificate may mislead users into believing that a certificate is expired rather than being invalid. ** UPDATE 11/11/03 - Microsoft has updated their bulletin for this issue. Users who installed Internet Explorer 6 after installing Windows 2000 Service Pack 4 may have reintroduced this issue onto their systems. A new patch is available for users who installed Internet Explorer 6 on Windows 2000 SP4 systems

Trust: 1.89

sources: NVD: CVE-2002-0970 // JVNDB: JVNDB-2002-000295 // BID: 5410

AFFECTED PRODUCTS

vendor:kdemodel:konquerorscope:eqversion:3.0.2

Trust: 1.9

vendor:kdemodel:konquerorscope:eqversion:3.0.1

Trust: 1.9

vendor:kdemodel:konquerorscope:eqversion:3.0

Trust: 1.9

vendor:kdemodel:konquerorscope:eqversion:2.2.2

Trust: 1.9

vendor:kdemodel:kdescope:eqversion:3.0.2

Trust: 1.9

vendor:kdemodel:kdescope:eqversion:3.0.1

Trust: 1.9

vendor:kdemodel:kdescope:eqversion:3.0

Trust: 1.9

vendor:kdemodel:kdescope:eqversion:2.2.2

Trust: 1.9

vendor:red hatmodel:linuxscope:eqversion:7.2

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:7.3

Trust: 0.8

vendor:red hatmodel:linuxscope:eqversion:8.0

Trust: 0.8

vendor:microsoftmodel:windows xp professional sp1scope: - version: -

Trust: 0.3

vendor:microsoftmodel:windows xp professionalscope: - version: -

Trust: 0.3

vendor:microsoftmodel:windows xp home sp1scope: - version: -

Trust: 0.3

vendor:microsoftmodel:windows xp homescope: - version: -

Trust: 0.3

vendor:microsoftmodel:windows xp 64-bit edition sp1scope: - version: -

Trust: 0.3

vendor:microsoftmodel:windows xp 64-bit editionscope: - version: -

Trust: 0.3

vendor:microsoftmodel:windows xpscope:eqversion:0

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp6ascope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp6scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp5scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp4scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp3scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp2scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt workstation sp1scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt workstationscope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt terminal server sp6scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt terminal server sp5scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt terminal server sp4scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt terminal server sp3scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt terminal server sp2scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt terminal server sp1scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt terminal serverscope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt server sp6ascope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt server sp6scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt server sp5scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt server sp4scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt server sp3scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt server sp2scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt server sp1scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt serverscope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp6ascope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp6scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp5scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp4scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp3scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp2scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise server sp1scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt enterprise serverscope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt sp6a alphascope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt sp6ascope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt sp6 alphascope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt sp6scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt sp5 alphascope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt sp5scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt sp4 alphascope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt sp4scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt sp3 alphascope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt sp3scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt sp2 alphascope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt sp2scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt sp1 alphascope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt sp1scope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows nt alphascope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows ntscope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:windows mescope: - version: -

Trust: 0.3

vendor:microsoftmodel:windows 98sescope: - version: -

Trust: 0.3

vendor:microsoftmodel:windowsscope:eqversion:98

Trust: 0.3

vendor:microsoftmodel:windows terminal services sp3scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows terminal services sp2scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows terminal services sp1scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows terminal servicesscope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows server sp4scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows server sp3scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows server sp2scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows server sp1scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows serverscope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows professional sp4scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows professional sp3scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows professional sp2scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows professional sp1scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows professionalscope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows datacenter server sp4scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows datacenter server sp3scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows datacenter server sp2scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows datacenter server sp1scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows datacenter serverscope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows advanced server sp4scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows advanced server sp3scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows advanced server sp2scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows advanced server sp1scope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:windows advanced serverscope:eqversion:2000

Trust: 0.3

vendor:microsoftmodel:outlook express for macosscope:eqversion:5.0.3

Trust: 0.3

vendor:microsoftmodel:outlook express for macosscope:eqversion:5.0.2

Trust: 0.3

vendor:microsoftmodel:outlook express for macosscope:eqversion:5.0.1

Trust: 0.3

vendor:microsoftmodel:outlook express for macosscope:eqversion:5.0

Trust: 0.3

vendor:microsoftmodel:outlook express for macosscope:eqversion:4.5

Trust: 0.3

vendor:microsoftmodel:outlook expressscope:eqversion:5.0

Trust: 0.3

vendor:microsoftmodel:officescope:eqversion:v.x

Trust: 0.3

vendor:microsoftmodel:office for macscope:eqversion:98

Trust: 0.3

vendor:microsoftmodel:office for macintosh sr1scope:eqversion:2001

Trust: 0.3

vendor:microsoftmodel:office for macintoshscope:eqversion:2001

Trust: 0.3

vendor:microsoftmodel:internet explorer sp2scope:eqversion:5.0.1

Trust: 0.3

vendor:microsoftmodel:internet explorer sp1scope:eqversion:5.0.1

Trust: 0.3

vendor:microsoftmodel:internet explorerscope:eqversion:5.0.1

Trust: 0.3

vendor:microsoftmodel:internet explorerscope:eqversion:6.0

Trust: 0.3

vendor:microsoftmodel:internet explorer sp2scope:eqversion:5.5

Trust: 0.3

vendor:microsoftmodel:internet explorer sp1scope:eqversion:5.5

Trust: 0.3

vendor:microsoftmodel:internet explorerscope:eqversion:5.5

Trust: 0.3

vendor:microsoftmodel:internet explorer for windowsscope:eqversion:5.02000

Trust: 0.3

vendor:microsoftmodel:internet explorerscope:eqversion:5.0

Trust: 0.3

vendor:microsoftmodel:iisscope:eqversion:5.0

Trust: 0.3

vendor:kdemodel:kdescope:eqversion:2.2.1

Trust: 0.3

vendor:beamodel:systems weblogic server for win32 spscope:eqversion:7.0.0.12

Trust: 0.3

vendor:beamodel:systems weblogic server for win32 spscope:eqversion:7.0.0.11

Trust: 0.3

vendor:beamodel:systems weblogic server for win32scope:eqversion:7.0.0.1

Trust: 0.3

vendor:beamodel:systems weblogic server for win32 spscope:eqversion:7.02

Trust: 0.3

vendor:beamodel:systems weblogic server for win32 spscope:eqversion:7.01

Trust: 0.3

vendor:beamodel:systems weblogic server for win32scope:eqversion:7.0

Trust: 0.3

vendor:beamodel:systems weblogic server for win32 spscope:eqversion:6.14

Trust: 0.3

vendor:beamodel:systems weblogic server for win32 spscope:eqversion:6.13

Trust: 0.3

vendor:beamodel:systems weblogic server for win32 spscope:eqversion:6.12

Trust: 0.3

vendor:beamodel:systems weblogic server for win32 spscope:eqversion:6.11

Trust: 0.3

vendor:beamodel:systems weblogic server for win32scope:eqversion:6.1

Trust: 0.3

vendor:beamodel:systems weblogic server for win32 spscope:eqversion:5.19

Trust: 0.3

vendor:beamodel:systems weblogic server for win32 spscope:eqversion:5.18

Trust: 0.3

vendor:beamodel:systems weblogic server for win32 spscope:eqversion:5.17

Trust: 0.3

vendor:beamodel:systems weblogic server for win32 spscope:eqversion:5.16

Trust: 0.3

vendor:beamodel:systems weblogic server for win32 spscope:eqversion:5.15

Trust: 0.3

vendor:beamodel:systems weblogic server for win32 spscope:eqversion:5.14

Trust: 0.3

vendor:beamodel:systems weblogic server for win32 spscope:eqversion:5.13

Trust: 0.3

vendor:beamodel:systems weblogic server for win32 spscope:eqversion:5.12

Trust: 0.3

vendor:beamodel:systems weblogic server for win32 spscope:eqversion:5.113

Trust: 0.3

vendor:beamodel:systems weblogic server for win32 spscope:eqversion:5.112

Trust: 0.3

vendor:beamodel:systems weblogic server for win32 spscope:eqversion:5.111

Trust: 0.3

vendor:beamodel:systems weblogic server for win32 spscope:eqversion:5.110

Trust: 0.3

vendor:beamodel:systems weblogic server for win32 spscope:eqversion:5.11

Trust: 0.3

vendor:beamodel:systems weblogic server for win32scope:eqversion:5.1

Trust: 0.3

vendor:beamodel:systems weblogic server spscope:eqversion:7.0.0.12

Trust: 0.3

vendor:beamodel:systems weblogic server spscope:eqversion:7.0.0.11

Trust: 0.3

vendor:beamodel:systems weblogic serverscope:eqversion:7.0.0.1

Trust: 0.3

vendor:beamodel:systems weblogic server spscope:eqversion:7.03

Trust: 0.3

vendor:beamodel:systems weblogic server spscope:eqversion:7.02

Trust: 0.3

vendor:beamodel:systems weblogic server spscope:eqversion:7.01

Trust: 0.3

vendor:beamodel:systems weblogic serverscope:eqversion:7.0

Trust: 0.3

vendor:beamodel:systems weblogic server spscope:eqversion:6.14

Trust: 0.3

vendor:beamodel:systems weblogic server spscope:eqversion:6.13

Trust: 0.3

vendor:beamodel:systems weblogic server spscope:eqversion:6.12

Trust: 0.3

vendor:beamodel:systems weblogic server spscope:eqversion:6.11

Trust: 0.3

vendor:beamodel:systems weblogic serverscope:eqversion:6.1

Trust: 0.3

vendor:beamodel:systems weblogic server spscope:eqversion:5.19

Trust: 0.3

vendor:beamodel:systems weblogic server spscope:eqversion:5.18

Trust: 0.3

vendor:beamodel:systems weblogic server spscope:eqversion:5.17

Trust: 0.3

vendor:beamodel:systems weblogic server spscope:eqversion:5.16

Trust: 0.3

vendor:beamodel:systems weblogic server spscope:eqversion:5.15

Trust: 0.3

vendor:beamodel:systems weblogic server spscope:eqversion:5.14

Trust: 0.3

vendor:beamodel:systems weblogic server spscope:eqversion:5.13

Trust: 0.3

vendor:beamodel:systems weblogic server spscope:eqversion:5.12

Trust: 0.3

vendor:beamodel:systems weblogic server spscope:eqversion:5.113

Trust: 0.3

vendor:beamodel:systems weblogic server spscope:eqversion:5.112

Trust: 0.3

vendor:beamodel:systems weblogic server spscope:eqversion:5.111

Trust: 0.3

vendor:beamodel:systems weblogic server spscope:eqversion:5.110

Trust: 0.3

vendor:beamodel:systems weblogic server spscope:eqversion:5.11

Trust: 0.3

vendor:beamodel:systems weblogic serverscope:eqversion:5.1

Trust: 0.3

vendor:beamodel:systems weblogic express for win32 spscope:eqversion:7.0.0.12

Trust: 0.3

vendor:beamodel:systems weblogic express for win32 spscope:eqversion:7.0.0.11

Trust: 0.3

vendor:beamodel:systems weblogic express for win32scope:eqversion:7.0.0.1

Trust: 0.3

vendor:beamodel:systems weblogic express for win32 spscope:eqversion:7.02

Trust: 0.3

vendor:beamodel:systems weblogic express for win32 spscope:eqversion:7.01

Trust: 0.3

vendor:beamodel:systems weblogic express for win32scope:eqversion:7.0

Trust: 0.3

vendor:beamodel:systems weblogic express for win32 spscope:eqversion:6.14

Trust: 0.3

vendor:beamodel:systems weblogic express for win32 spscope:eqversion:6.13

Trust: 0.3

vendor:beamodel:systems weblogic express for win32 spscope:eqversion:6.12

Trust: 0.3

vendor:beamodel:systems weblogic express for win32 spscope:eqversion:6.11

Trust: 0.3

vendor:beamodel:systems weblogic express for win32scope:eqversion:6.1

Trust: 0.3

vendor:beamodel:systems weblogic express for win32 spscope:eqversion:5.19

Trust: 0.3

vendor:beamodel:systems weblogic express for win32 spscope:eqversion:5.18

Trust: 0.3

vendor:beamodel:systems weblogic express for win32 spscope:eqversion:5.17

Trust: 0.3

vendor:beamodel:systems weblogic express for win32 spscope:eqversion:5.16

Trust: 0.3

vendor:beamodel:systems weblogic express for win32 spscope:eqversion:5.15

Trust: 0.3

vendor:beamodel:systems weblogic express for win32 spscope:eqversion:5.14

Trust: 0.3

vendor:beamodel:systems weblogic express for win32 spscope:eqversion:5.13

Trust: 0.3

vendor:beamodel:systems weblogic express for win32 spscope:eqversion:5.12

Trust: 0.3

vendor:beamodel:systems weblogic express for win32 spscope:eqversion:5.113

Trust: 0.3

vendor:beamodel:systems weblogic express for win32 spscope:eqversion:5.112

Trust: 0.3

vendor:beamodel:systems weblogic express for win32 spscope:eqversion:5.111

Trust: 0.3

vendor:beamodel:systems weblogic express for win32 spscope:eqversion:5.110

Trust: 0.3

vendor:beamodel:systems weblogic express for win32 spscope:eqversion:5.11

Trust: 0.3

vendor:beamodel:systems weblogic express for win32scope:eqversion:5.1

Trust: 0.3

vendor:beamodel:systems weblogic express spscope:eqversion:7.0.0.12

Trust: 0.3

vendor:beamodel:systems weblogic express spscope:eqversion:7.0.0.11

Trust: 0.3

vendor:beamodel:systems weblogic expressscope:eqversion:7.0.0.1

Trust: 0.3

vendor:beamodel:systems weblogic express spscope:eqversion:7.03

Trust: 0.3

vendor:beamodel:systems weblogic express spscope:eqversion:7.02

Trust: 0.3

vendor:beamodel:systems weblogic express spscope:eqversion:7.01

Trust: 0.3

vendor:beamodel:systems weblogic expressscope:eqversion:7.0

Trust: 0.3

vendor:beamodel:systems weblogic express spscope:eqversion:6.14

Trust: 0.3

vendor:beamodel:systems weblogic express spscope:eqversion:6.13

Trust: 0.3

vendor:beamodel:systems weblogic express spscope:eqversion:6.12

Trust: 0.3

vendor:beamodel:systems weblogic express spscope:eqversion:6.11

Trust: 0.3

vendor:beamodel:systems weblogic expressscope:eqversion:6.1

Trust: 0.3

vendor:beamodel:systems weblogic express spscope:eqversion:5.19

Trust: 0.3

vendor:beamodel:systems weblogic express spscope:eqversion:5.18

Trust: 0.3

vendor:beamodel:systems weblogic express spscope:eqversion:5.17

Trust: 0.3

vendor:beamodel:systems weblogic express spscope:eqversion:5.16

Trust: 0.3

vendor:beamodel:systems weblogic express spscope:eqversion:5.15

Trust: 0.3

vendor:beamodel:systems weblogic express spscope:eqversion:5.14

Trust: 0.3

vendor:beamodel:systems weblogic express spscope:eqversion:5.13

Trust: 0.3

vendor:beamodel:systems weblogic express spscope:eqversion:5.12

Trust: 0.3

vendor:beamodel:systems weblogic express spscope:eqversion:5.113

Trust: 0.3

vendor:beamodel:systems weblogic express spscope:eqversion:5.112

Trust: 0.3

vendor:beamodel:systems weblogic express spscope:eqversion:5.111

Trust: 0.3

vendor:beamodel:systems weblogic express spscope:eqversion:5.110

Trust: 0.3

vendor:beamodel:systems weblogic express spscope:eqversion:5.11

Trust: 0.3

vendor:beamodel:systems weblogic expressscope:eqversion:5.1

Trust: 0.3

vendor:beamodel:systems weblogic enterprise spscope:eqversion:5.110

Trust: 0.3

vendor:beamodel:systems weblogic enterprisescope:eqversion:5.1

Trust: 0.3

vendor:beamodel:systems weblogic enterprisescope:eqversion:5.0.1

Trust: 0.3

vendor:beamodel:systems tuxedoscope:eqversion:8.1

Trust: 0.3

vendor:beamodel:systems tuxedoscope:eqversion:8.0

Trust: 0.3

vendor:baltimoremodel:mailsecurescope: - version: -

Trust: 0.3

vendor:adammodel:megacz tinysslscope:eqversion:1.0.2

Trust: 0.3

vendor:kdemodel:konquerorscope:neversion:3.0.3

Trust: 0.3

vendor:kdemodel:kdescope:neversion:3.0.3

Trust: 0.3

vendor:beamodel:systems weblogic server for win32 spscope:neversion:7.0.0.12

Trust: 0.3

vendor:beamodel:systems weblogic server for win32 spscope:neversion:7.02

Trust: 0.3

vendor:beamodel:systems weblogic server for win32 spscope:neversion:6.15

Trust: 0.3

vendor:beamodel:systems weblogic server spscope:neversion:7.0.0.12

Trust: 0.3

vendor:beamodel:systems weblogic server spscope:neversion:7.02

Trust: 0.3

vendor:beamodel:systems weblogic server spscope:neversion:6.15

Trust: 0.3

vendor:beamodel:systems weblogic express for win32 spscope:neversion:7.0.0.12

Trust: 0.3

vendor:beamodel:systems weblogic express for win32 spscope:neversion:7.02

Trust: 0.3

vendor:beamodel:systems weblogic express for win32 spscope:neversion:6.15

Trust: 0.3

vendor:beamodel:systems weblogic express spscope:neversion:7.0.0.12

Trust: 0.3

vendor:beamodel:systems weblogic express spscope:neversion:7.02

Trust: 0.3

vendor:beamodel:systems weblogic express spscope:neversion:6.15

Trust: 0.3

vendor:adammodel:megacz tinysslscope:neversion:1.0.3

Trust: 0.3

sources: BID: 5410 // JVNDB: JVNDB-2002-000295 // CNNVD: CNNVD-200209-034 // NVD: CVE-2002-0970

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-0970
value: HIGH

Trust: 1.0

NVD: CVE-2002-0970
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200209-034
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2002-0970
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2002-000295 // CNNVD: CNNVD-200209-034 // NVD: CVE-2002-0970

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0970

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200209-034

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200209-034

CONFIGURATIONS

sources: JVNDB: JVNDB-2002-000295

PATCH

title:RHSA-2002:220url:http://rhn.redhat.com/errata/RHSA-2002-220.html

Trust: 0.8

title:RHSA-2002:220url:http://www.jp.redhat.com/support/errata/RHSA/RHSA-2002-220J.html

Trust: 0.8

sources: JVNDB: JVNDB-2002-000295

EXTERNAL IDS

db:NVDid:CVE-2002-0970

Trust: 2.7

db:BIDid:5410

Trust: 1.9

db:BIDid:5689

Trust: 0.8

db:BIDid:6182

Trust: 0.8

db:BIDid:6157

Trust: 0.8

db:BIDid:5691

Trust: 0.8

db:BIDid:5951

Trust: 0.8

db:JVNDBid:JVNDB-2002-000295

Trust: 0.8

db:CONECTIVAid:CLA-2002:519

Trust: 0.6

db:XFid:9776

Trust: 0.6

db:CALDERAid:CSSA-2002-047.0

Trust: 0.6

db:BUGTRAQid:20020812 RE: IE SSL VULNERABILITY (KONQUEROR AFFECTED TOO)

Trust: 0.6

db:BUGTRAQid:20020818 KDE SECURITY ADVISORY: KONQUEROR SSL VULNERABILITY

Trust: 0.6

db:DEBIANid:DSA-155

Trust: 0.6

db:REDHATid:RHSA-2002:221

Trust: 0.6

db:REDHATid:RHSA-2002:220

Trust: 0.6

db:MANDRAKEid:MDKSA-2002:058

Trust: 0.6

db:CNNVDid:CNNVD-200209-034

Trust: 0.6

sources: BID: 5410 // JVNDB: JVNDB-2002-000295 // CNNVD: CNNVD-200209-034 // NVD: CVE-2002-0970

REFERENCES

url:http://www.securityfocus.com/bid/5410

Trust: 2.6

url:http://www.debian.org/security/2002/dsa-155

Trust: 2.6

url:http://www.kde.org/info/security/advisory-20020818-1.txt

Trust: 2.6

url:http://www.redhat.com/support/errata/rhsa-2002-221.html

Trust: 2.6

url:http://www.redhat.com/support/errata/rhsa-2002-220.html

Trust: 2.6

url:http://www.mandrakesoft.com/security/advisories?name=mdksa-2002:058

Trust: 2.6

url:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000519

Trust: 2.6

url:http://archives.neohapsis.com/archives/bugtraq/2002-08/0170.html

Trust: 2.6

url:ftp://ftp.caldera.com/pub/security/openlinux/cssa-2002-047.0.txt

Trust: 2.6

url:http://marc.info/?l=bugtraq&m=102918241005893&w=2

Trust: 2.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/9776

Trust: 2.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2002-0970

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2002-0970

Trust: 0.8

url:http://www.securityfocus.com/bid/5691

Trust: 0.8

url:http://www.securityfocus.com/bid/5689

Trust: 0.8

url:http://www.securityfocus.com/bid/5951

Trust: 0.8

url:http://www.securityfocus.com/bid/6182

Trust: 0.8

url:http://www.securityfocus.com/bid/6157

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/9776

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=102918241005893&w=2

Trust: 0.6

url:http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/news/iarwsv.asp

Trust: 0.3

url:http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-050.asp

Trust: 0.3

url:http://www.computerworld.com/securitytopics/security/holes/story/0,10801,73507,00.html

Trust: 0.3

url:http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/bea03-31.jsp

Trust: 0.3

url:http://www.info.apple.com/usen/security/security_updates.html

Trust: 0.3

url:/archive/1/307885

Trust: 0.3

sources: BID: 5410 // JVNDB: JVNDB-2002-000295 // CNNVD: CNNVD-200209-034 // NVD: CVE-2002-0970

CREDITS

Reported by Mike Benham <moxie@thoughtcrime.org>.

Trust: 0.3

sources: BID: 5410

SOURCES

db:BIDid:5410
db:JVNDBid:JVNDB-2002-000295
db:CNNVDid:CNNVD-200209-034
db:NVDid:CVE-2002-0970

LAST UPDATE DATE

2024-11-22T22:54:15.922000+00:00


SOURCES UPDATE DATE

db:BIDid:5410date:2009-07-11T14:56:00
db:JVNDBid:JVNDB-2002-000295date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200209-034date:2005-05-13T00:00:00
db:NVDid:CVE-2002-0970date:2024-11-20T23:40:17.717

SOURCES RELEASE DATE

db:BIDid:5410date:2002-08-06T00:00:00
db:JVNDBid:JVNDB-2002-000295date:2007-04-01T00:00:00
db:CNNVDid:CNNVD-200209-034date:2002-09-24T00:00:00
db:NVDid:CVE-2002-0970date:2002-09-24T04:00:00