ID

VAR-200306-0053


CVE

CVE-2003-0370


TITLE

KDE Konqueror vulnerability in which SSL certificates are not checked

Trust: 0.8

sources: JVNDB: JVNDB-2003-000171

DESCRIPTION

Konqueror Embedded and KDE 2.2.2 and earlier do not validate the Common Name (CN) field for X.509 certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack. Konqueror, the file manager and web browser included with KDE, has an incomplete SSL implementation: the check against the certificate is done with the IP address rather than the host name, so a user may accept a forged SSL certificate without realizing it. As a result, the user may connect over SSL to an untrusted, malicious web site. The browser fails to detect cases where the CN doesn't match the hostname of the server. This could lead to a variety of attacks, including the possibility of allowing a malicious server to masquerade as a trusted server. The non-embedded Konqueror distribution is reportedly not affected by this issue.

Trust: 1.98

sources: NVD: CVE-2003-0370 // JVNDB: JVNDB-2003-000171 // BID: 7520 // VULHUB: VHN-7199

AFFECTED PRODUCTS

vendor: turbolinux, model: workstation, scope: eq, version: 8.0

Trust: 1.3

vendor: turbolinux, model: workstation, scope: eq, version: 7.0

Trust: 1.3

vendor: turbolinux, model: server, scope: eq, version: 8.0

Trust: 1.3

vendor: turbolinux, model: server, scope: eq, version: 7.0

Trust: 1.3

vendor: kde, model: konqueror embedded, scope: eq, version: 0.1

Trust: 1.3

vendor: kde, model: kde, scope: lte, version: 2.2.2

Trust: 1.0

vendor: redhat, model: linux, scope: eq, version: 7.1

Trust: 1.0

vendor: redhat, model: linux, scope: eq, version: 7.2

Trust: 1.0

vendor: apple, model: safari, scope: eq, version: 1.0

Trust: 1.0

vendor: kde, model: kde, scope: eq, version: 2.2.2

Trust: 0.9

vendor: turbo linux, model: turbolinux server, scope: eq, version: 7

Trust: 0.8

vendor: turbo linux, model: turbolinux server, scope: eq, version: 8

Trust: 0.8

vendor: red hat, model: linux, scope: eq, version: 7.1

Trust: 0.8

vendor: red hat, model: linux, scope: eq, version: 7.2

Trust: 0.8

vendor: kde, model: a, scope: ne, version: 3.1.1

Trust: 0.3

vendor: kde, model: kde, scope: ne, version: 3.1.1

Trust: 0.3

vendor: kde, model: kde, scope: ne, version: 3.1

Trust: 0.3

vendor: kde, model: b, scope: ne, version: 3.0.5

Trust: 0.3

vendor: kde, model: a, scope: ne, version: 3.0.5

Trust: 0.3

vendor: kde, model: kde, scope: ne, version: 3.0.5

Trust: 0.3

vendor: kde, model: kde, scope: ne, version: 3.0.4

Trust: 0.3

vendor: kde, model: a, scope: ne, version: 3.0.3

Trust: 0.3

vendor: kde, model: kde, scope: ne, version: 3.0.3

Trust: 0.3

vendor: kde, model: kde, scope: ne, version: 3.0.2

Trust: 0.3

vendor: kde, model: kde, scope: ne, version: 3.0.1

Trust: 0.3

vendor: kde, model: kde, scope: ne, version: 3.0

Trust: 0.3

sources: BID: 7520 // JVNDB: JVNDB-2003-000171 // CNNVD: CNNVD-200306-100 // NVD: CVE-2003-0370

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-0370
value: HIGH

Trust: 1.0

NVD: CVE-2003-0370
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200306-100
value: HIGH

Trust: 0.6

VULHUB: VHN-7199
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2003-0370
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-7199
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-7199 // JVNDB: JVNDB-2003-000171 // CNNVD: CNNVD-200306-100 // NVD: CVE-2003-0370

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0370

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200306-100

TYPE

Design Error

Trust: 0.9

sources: BID: 7520 // CNNVD: CNNVD-200306-100

CONFIGURATIONS

sources: JVNDB: JVNDB-2003-000171

PATCH

title: RHSA-2003:192, url: https://rhn.redhat.com/errata/RHSA-2003-192.html

Trust: 0.8

title: TLSA-2003-36, url: http://www.turbolinux.com/security/2003/TLSA-2003-36.txt

Trust: 0.8

title: RHSA-2003:192, url: http://www.jp.redhat.com/support/errata/RHSA/RHSA-2003-192J.html

Trust: 0.8

title: TLSA-2003-36, url: http://www.turbolinux.co.jp/security/2003/TLSA-2003-36j.txt

Trust: 0.8

sources: JVNDB: JVNDB-2003-000171

EXTERNAL IDS

db: NVD, id: CVE-2003-0370

Trust: 2.8

db: BID, id: 7520

Trust: 2.8

db: JVNDB, id: JVNDB-2003-000171

Trust: 0.8

db: CNNVD, id: CNNVD-200306-100

Trust: 0.7

db: DEBIAN, id: DSA-361

Trust: 0.6

db: TURBO, id: TLSA-2003-36

Trust: 0.6

db: BUGTRAQ, id: 20030507 PROBLEM: MULTIPLE WEB BROWSERS DO NOT DO NOT VALIDATE CN ON CERTIFICATES.

Trust: 0.6

db: REDHAT, id: RHSA-2003:192

Trust: 0.6

db: REDHAT, id: RHSA-2003:193

Trust: 0.6

db: FULLDISC, id: 20030510 [FORWARD]APPLE SAFARI AND KONQUEROR EMBEDDED COMMON NAME VERIFICATION VULNERABILITY

Trust: 0.6

db: VULHUB, id: VHN-7199

Trust: 0.1

sources: VULHUB: VHN-7199 // BID: 7520 // JVNDB: JVNDB-2003-000171 // CNNVD: CNNVD-200306-100 // NVD: CVE-2003-0370

REFERENCES

url:http://www.securityfocus.com/bid/7520

Trust: 2.5

url:http://www.kde.org/info/security/advisory-20030602-1.txt

Trust: 2.0

url:http://www.securityfocus.com/archive/1/320707

Trust: 1.7

url:http://www.debian.org/security/2003/dsa-361

Trust: 1.7

url:http://lists.grok.org.uk/pipermail/full-disclosure/2003-may/004983.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2003-192.html

Trust: 1.7

url:http://www.redhat.com/support/errata/rhsa-2003-193.html

Trust: 1.7

url:http://www.turbolinux.com/security/tlsa-2003-36.txt

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0370

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0370

Trust: 0.8

url:http://www.konqueror.org/embedded/

Trust: 0.3

url:http://rhn.redhat.com/errata/rhsa-2003-193.html

Trust: 0.3

url:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f55660

Trust: 0.3

url:http://sunsolve.sun.com/patches/linux/security.html

Trust: 0.3

url:/archive/1/320707

Trust: 0.3

sources: VULHUB: VHN-7199 // BID: 7520 // JVNDB: JVNDB-2003-000171 // CNNVD: CNNVD-200306-100 // NVD: CVE-2003-0370

CREDITS

Discovery of this issue is credited to Simson L. Garfinkel and Jesse Burns.

Trust: 0.9

sources: BID: 7520 // CNNVD: CNNVD-200306-100

SOURCES

db: VULHUB, id: VHN-7199
db: BID, id: 7520
db: JVNDB, id: JVNDB-2003-000171
db: CNNVD, id: CNNVD-200306-100
db: NVD, id: CVE-2003-0370

LAST UPDATE DATE

2024-08-14T12:26:26.827000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-7199, date: 2008-09-10T00:00:00
db: BID, id: 7520, date: 2007-02-21T17:36:00
db: JVNDB, id: JVNDB-2003-000171, date: 2007-04-01T00:00:00
db: CNNVD, id: CNNVD-200306-100, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2003-0370, date: 2008-09-10T19:18:47.117

SOURCES RELEASE DATE

db: VULHUB, id: VHN-7199, date: 2003-06-16T00:00:00
db: BID, id: 7520, date: 2003-05-07T00:00:00
db: JVNDB, id: JVNDB-2003-000171, date: 2007-04-01T00:00:00
db: CNNVD, id: CNNVD-200306-100, date: 2003-06-16T00:00:00
db: NVD, id: CVE-2003-0370, date: 2003-06-16T04:00:00