Details of VAR-200701-0295

ID

VAR-200701-0295

CVE

CVE-2007-0537

TITLE

KDE kdelibs Cross-site scripting vulnerability due to title tag

Trust: 0.8

sources: JVNDB: JVNDB-2007-000221

DESCRIPTION

The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478. As a result, authentication information may be leaked. Konquerer is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data. Exploiting this issue may help the attacker steal cookie-based authentication credentials and launch other attacks. All versions of KDE up to and including KDE 3.5.6 are vulnerable to this issue. Apple Safari web browser is also vulnerable to this issue. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200703-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: KHTML: Cross-site scripting (XSS) vulnerability Date: March 10, 2007 Bugs: #165606 ID: 200703-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== The KHTML component shipped with the KDE libraries is prone to a cross-site scripting (XSS) vulnerability. Background ========== KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. KHTML is the HTML interpreter used in Konqueror and other parts of KDE. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 kde-base/kdelibs < 3.5.5-r8 >= 3.5.5-r8 Description =========== The KHTML code allows for the execution of JavaScript code located inside the "Title" HTML element, a related issue to the Safari error found by Jose Avila. Impact ====== When viewing a HTML page that renders unsanitized attacker-supplied input in the page title, Konqueror and other parts of KDE will execute arbitrary JavaScript code contained in the page title, allowing for the theft of browser session data or cookies. Workaround ========== There is no known workaround at this time. Resolution ========== All KDElibs users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=kde-base/kdelibs-3.5.5-r8" References ========== [ 1 ] CVE-2007-0537 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0537 [ 2 ] CVE-2007-0478 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0478 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200703-10.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . =========================================================== Ubuntu Security Notice USN-420-1 February 06, 2007 kdelibs vulnerability CVE-2007-0537 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: kdelibs4c2 4:3.4.3-0ubuntu2.2 Ubuntu 6.06 LTS: kdelibs4c2a 4:3.5.2-0ubuntu18.2 Ubuntu 6.10: kdelibs4c2a 4:3.5.5-0ubuntu3.1 After a standard system upgrade you need to restart your session to effect the necessary changes. By tricking a Konqueror user into visiting a malicious website, an attacker could bypass cross-site scripting protections. Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3-0ubuntu2.2.diff.gz Size/MD5: 330443 7bf67340aef75bbafe1bf0f517ad0677 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3-0ubuntu2.2.dsc Size/MD5: 1523 9a013d5dc8f7953036af99dd264f9811 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3.orig.tar.gz Size/MD5: 19981388 36e7a8320bd95760b41c4849da170100 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.4.3-0ubuntu2.2_all.deb Size/MD5: 6970448 a0a541bd78cb848da8aa97ac4b29d0fe http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.4.3-0ubuntu2.2_all.deb Size/MD5: 29298458 f04629ca27bafeaa897a86839fc6e645 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3-0ubuntu2.2_all.deb Size/MD5: 30714 8ec392ba5ba0f78e9b12dd9d025019d6 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2.2_amd64.deb Size/MD5: 926668 3e7c767a9eeb80d0a85640d7dbfb53d7 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2.2_amd64.deb Size/MD5: 1309046 e73c5de672193ac0385a28dd3accf646 http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2.2_amd64.deb Size/MD5: 22552842 287114119aee64a256f8fce295e9d034 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2.2_amd64.deb Size/MD5: 9109026 aa34fe2f02d9772ad8e25bb36e573505 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2.2_i386.deb Size/MD5: 814498 1eace86f58caf3f936c77e749a45ffc6 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2.2_i386.deb Size/MD5: 1305652 0ce209d9c2c5ed846dbb1edc16fe5606 http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2.2_i386.deb Size/MD5: 19410566 85751508b7f13b790cbda8d795930a72 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2.2_i386.deb Size/MD5: 8072650 9caf6a826bb790e309036555f40b9b8d powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2.2_powerpc.deb Size/MD5: 909782 0a1cbec28532ca006c7ddcb6990a6e65 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2.2_powerpc.deb Size/MD5: 1310430 f31f57e3c37f8c12e586cfa0084dc203 http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2.2_powerpc.deb Size/MD5: 22763768 b1aba1f6b9ef2c454f2172d442302b49 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2.2_powerpc.deb Size/MD5: 8433768 18b2c898ed6d40844c19635d8b85e8a2 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2.2_sparc.deb Size/MD5: 831058 158b90fe780e29e6618cf4b7f9f96bc8 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2.2_sparc.deb Size/MD5: 1307028 b1c14bf29a7622ac3844c68a652bf21c http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2.2_sparc.deb Size/MD5: 20031538 f2778deea8ef14eb9b3e90f5ed97ab50 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2.2_sparc.deb Size/MD5: 8241130 26c0145f1abb71b0a3ea5a89214df223 Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.2-0ubuntu18.2.diff.gz Size/MD5: 477706 5d236a3b69a4bae7b81d337e58a2c3fe http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.2-0ubuntu18.2.dsc Size/MD5: 1609 0a27d1f21c1374d8abf8ea0dba0abf79 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.2.orig.tar.gz Size/MD5: 18775353 00c878d449522fb8aa2769a4c5ae1fde Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.2-0ubuntu18.2_all.deb Size/MD5: 7083858 f74b97726f683b5eca3798bd8f7ae2a1 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.2-0ubuntu18.2_all.deb Size/MD5: 41496444 87e2fc31c4dd95cd7d87aeee51dec330 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.2-0ubuntu18.2_all.deb Size/MD5: 35748 636e14773798c30ddf4c0a87b3d5cd39 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5.2-0ubuntu18.2_amd64.deb Size/MD5: 925624 1ba9b88fc6456c6dac97693532412fde http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.2-0ubuntu18.2_amd64.deb Size/MD5: 26451886 2eaed22c02f68909ebe219629a774dc6 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.2-0ubuntu18.2_amd64.deb Size/MD5: 1355626 1458250a60303a07ad551ce343ae23ec http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.2-0ubuntu18.2_amd64.deb Size/MD5: 9406898 7f952f591c7345216bfc0bb42277875d i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5.2-0ubuntu18.2_i386.deb Size/MD5: 814970 cc6ae65176411013a8dea78a77151e25 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.2-0ubuntu18.2_i386.deb Size/MD5: 22925204 60d4c71b837e82da16d2b1ad75cbf628 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.2-0ubuntu18.2_i386.deb Size/MD5: 1352256 1ceee31122ff0fe680fbdbebbd6c8ced http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.2-0ubuntu18.2_i386.deb Size/MD5: 8334452 427cd25652287fc52ba2bdbd028c2f33 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5.2-0ubuntu18.2_powerpc.deb Size/MD5: 905950 4b29acb4cc1a8fb52ff9bb7b3715b0d3 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.2-0ubuntu18.2_powerpc.deb Size/MD5: 26718664 f92f6f62ab9b9bbd0da8cb649dbeb132 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.2-0ubuntu18.2_powerpc.deb Size/MD5: 1356968 a6e62679f09dbafa54137204af905494 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.2-0ubuntu18.2_powerpc.deb Size/MD5: 8689506 0b3b6f533712eb6a8143827d2b01b015 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5.2-0ubuntu18.2_sparc.deb Size/MD5: 827096 17f46503797d14c6be17c7fd890ac843 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.2-0ubuntu18.2_sparc.deb Size/MD5: 23623320 36aefb75ec36a60d3308392842556130 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.2-0ubuntu18.2_sparc.deb Size/MD5: 1353298 9627c92acea5abc671668d0b5ecfd744 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.2-0ubuntu18.2_sparc.deb Size/MD5: 8491558 dd2fe11d276e78bb16bd42bc34452c20 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.5-0ubuntu3.1.diff.gz Size/MD5: 734200 8d5db0d6c6070468a32841b75a9e0d83 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.5-0ubuntu3.1.dsc Size/MD5: 1691 7a23f4f003e66e4a4fb90f620a0de347 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.5.orig.tar.gz Size/MD5: 18926397 65e455d5814142ee992097230ffe7e80 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.5-0ubuntu3.1_all.deb Size/MD5: 7210528 1e62a8249a44e98da5ba24c1eaa1d4f0 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.5-0ubuntu3.1_all.deb Size/MD5: 39981890 5469fd4b98d68f0e01ddb4bd5ba7d904 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.5-0ubuntu3.1_all.deb Size/MD5: 37742 2b1ebdb5648cbd390ecd1fa8d6b2d7e4 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1_amd64.deb Size/MD5: 27050664 b7884e4a85307416811f755e2ed967aa http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1_amd64.deb Size/MD5: 1345432 c2cd5e2b9433e629ae366965b47c30c6 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1_amd64.deb Size/MD5: 10401586 f02e2f09dfd27d09f2a00daaaa6a7969 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1_i386.deb Size/MD5: 26229446 ae021c2a0a95f237a934962a39e13821 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1_i386.deb Size/MD5: 1343076 5e46eaa9d38a6876671efd18ac052ef5 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1_i386.deb Size/MD5: 9555316 4573d9f461ff2a441a13ac744e8f27e5 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1_powerpc.deb Size/MD5: 28018226 74bc9b1b1e11817b33e3027213462fa0 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1_powerpc.deb Size/MD5: 1347170 df48d8bc10826c2805d607f4d52eb738 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1_powerpc.deb Size/MD5: 9782346 4d5986ecf7ace1bd5bf275d101f98e03 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1_sparc.deb Size/MD5: 25362410 e80c7336df062cac6690d745d91730fc http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1_sparc.deb Size/MD5: 1343134 cc62c0d393cacc36a552c304cee9b2a1 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1_sparc.deb Size/MD5: 9473018 dfff27cb2bcb323d51d4b16e11453d49 . Also affects kdelibs 3.5.6, as per KDE official advisory. Updated packages have been patched to prevent this. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0537 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.1: 290249d063eb99aa0267060e28bd3d63 2007.1/i586/kdelibs-common-3.5.6-11.1mdv2007.1.i586.rpm 0392bf166e2b95b8274f67e24066dc8a 2007.1/i586/kdelibs-devel-doc-3.5.6-11.1mdv2007.1.i586.rpm 06107eb81ff8b184812f7a8ae31b52b9 2007.1/i586/libkdecore4-3.5.6-11.1mdv2007.1.i586.rpm ffb71260989867bcec7d7fae45b86b5a 2007.1/i586/libkdecore4-devel-3.5.6-11.1mdv2007.1.i586.rpm 2f2938b43f88a2a197e6cc90b35c63b8 2007.1/SRPMS/kdelibs-3.5.6-11.1mdv2007.1.src.rpm Mandriva Linux 2007.1/X86_64: 258cf38cce814a12a44c79c283de7c3d 2007.1/x86_64/kdelibs-common-3.5.6-11.1mdv2007.1.x86_64.rpm 70b9d63ac375ba65fb6c6b526dfe80f0 2007.1/x86_64/kdelibs-devel-doc-3.5.6-11.1mdv2007.1.x86_64.rpm ee0681c70efd4cebb72a23b773d56f09 2007.1/x86_64/lib64kdecore4-3.5.6-11.1mdv2007.1.x86_64.rpm 664da181e64ab3f343b265cac6de0e87 2007.1/x86_64/lib64kdecore4-devel-3.5.6-11.1mdv2007.1.x86_64.rpm 2f2938b43f88a2a197e6cc90b35c63b8 2007.1/SRPMS/kdelibs-3.5.6-11.1mdv2007.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGvN99mqjQ0CJFipgRAkoiAJ9cYCEKSJXMFS0+C1kOsR82hamhUQCdHdlA 0d14cDmgZcJ1DxJi7dCNr3E= =ix0J -----END PGP SIGNATURE-----

Trust: 2.52

sources: NVD: CVE-2007-0537 // JVNDB: JVNDB-2007-000221 // BID: 22428 // BID: 23020 // PACKETSTORM: 55049 // PACKETSTORM: 54183 // PACKETSTORM: 54252 // PACKETSTORM: 58491

AFFECTED PRODUCTS

vendor:	kde	model:	konqueror	scope:	eq	version:	3.5.5	Trust: 2.4
vendor:	kde	model:	kde	scope:	lte	version:	3.5.6	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	3 (x86)	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	3 (x86-64)	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	4.0	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	4.0 (x86-64)	Trust: 0.8
vendor:	turbo linux	model:	turbolinux	scope:	eq	version:	10_f	Trust: 0.8
vendor:	turbo linux	model:	turbolinux desktop	scope:	eq	version:	10	Trust: 0.8
vendor:	turbo linux	model:	turbolinux fuji	scope:	-	version:	-	Trust: 0.8
vendor:	turbo linux	model:	turbolinux multimedia	scope:	-	version:	-	Trust: 0.8
vendor:	turbo linux	model:	turbolinux personal	scope:	-	version:	-	Trust: 0.8
vendor:	turbo linux	model:	turbolinux server	scope:	eq	version:	10	Trust: 0.8
vendor:	turbo linux	model:	turbolinux server	scope:	eq	version:	10 (x64)	Trust: 0.8
vendor:	turbo linux	model:	home	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4 (as)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4 (es)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	4 (ws)	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	eq	version:	5 (server)	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	4.0	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	eq	version:	5.0 (client)	Trust: 0.8
vendor:	red hat	model:	rhel desktop workstation	scope:	eq	version:	5 (client)	Trust: 0.8
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	5.10	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	5.10	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	5.10	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	5.10	Trust: 0.3
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	6.10	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	6.10	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	6.10	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	6.10	Trust: 0.3
vendor:	ubuntu	model:	linux lts sparc	scope:	eq	version:	6.06	Trust: 0.3
vendor:	ubuntu	model:	linux lts powerpc	scope:	eq	version:	6.06	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	6.06	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	6.06	Trust: 0.3
vendor:	turbolinux	model:	server	scope:	eq	version:	10.0	Trust: 0.3
vendor:	turbolinux	model:	server	scope:	eq	version:	10.0.0x64	Trust: 0.3
vendor:	turbolinux	model:	desktop	scope:	eq	version:	10.0	Trust: 0.3
vendor:	turbolinux	model:	fuji	scope:	-	version:	-	Trust: 0.3
vendor:	turbolinux	model:	f...	scope:	eq	version:	10	Trust: 0.3
vendor:	turbolinux	model:	home	scope:	-	version:	-	Trust: 0.3
vendor:	turbolinux	model:	fuji	scope:	eq	version:	0	Trust: 0.3
vendor:	suse	model:	linux enterprise server sdk	scope:	eq	version:	9	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp3	scope:	eq	version:	9	Trust: 0.3
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	9	Trust: 0.3
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	10	Trust: 0.3
vendor:	suse	model:	linux enterprise sdk	scope:	eq	version:	9	Trust: 0.3
vendor:	suse	model:	linux enterprise sdk	scope:	eq	version:	10	Trust: 0.3
vendor:	suse	model:	linux enterprise desktop	scope:	eq	version:	10	Trust: 0.3
vendor:	suse	model:	linux professional x86 64	scope:	eq	version:	10.2	Trust: 0.3
vendor:	suse	model:	linux personal x86 64	scope:	eq	version:	10.2	Trust: 0.3
vendor:	s u s e	model:	unitedlinux	scope:	eq	version:	1.0	Trust: 0.3
vendor:	s u s e	model:	suse linux standard server	scope:	eq	version:	8.0	Trust: 0.3
vendor:	s u s e	model:	suse linux school server for i386	scope:	-	version:	-	Trust: 0.3
vendor:	s u s e	model:	suse linux retail solution	scope:	eq	version:	8.0	Trust: 0.3
vendor:	s u s e	model:	suse linux openexchange server	scope:	eq	version:	4.0	Trust: 0.3
vendor:	s u s e	model:	suse linux open-xchange	scope:	eq	version:	4.1	Trust: 0.3
vendor:	s u s e	model:	suse core for	scope:	eq	version:	9x86	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	10.2	Trust: 0.3
vendor:	s u s e	model:	open-enterprise-server	scope:	eq	version:	9.0	Trust: 0.3
vendor:	s u s e	model:	open-enterprise-server	scope:	eq	version:	1	Trust: 0.3
vendor:	s u s e	model:	open-enterprise-server	scope:	eq	version:	0	Trust: 0.3
vendor:	s u s e	model:	office server	scope:	-	version:	-	Trust: 0.3
vendor:	s u s e	model:	novell linux pos	scope:	eq	version:	9	Trust: 0.3
vendor:	s u s e	model:	novell linux desktop	scope:	eq	version:	9.0	Trust: 0.3
vendor:	s u s e	model:	novell linux desktop	scope:	eq	version:	1.0	Trust: 0.3
vendor:	s u s e	model:	linux professional oss	scope:	eq	version:	10.0	Trust: 0.3
vendor:	s u s e	model:	linux professional	scope:	eq	version:	10.0	Trust: 0.3
vendor:	s u s e	model:	linux professional	scope:	eq	version:	10.2	Trust: 0.3
vendor:	s u s e	model:	linux professional	scope:	eq	version:	10.1	Trust: 0.3
vendor:	s u s e	model:	linux personal oss	scope:	eq	version:	10.0	Trust: 0.3
vendor:	s u s e	model:	linux personal	scope:	eq	version:	10.2	Trust: 0.3
vendor:	s u s e	model:	linux personal	scope:	eq	version:	10.1	Trust: 0.3
vendor:	s u s e	model:	linux openexchange server	scope:	-	version:	-	Trust: 0.3
vendor:	s u s e	model:	linux office server	scope:	-	version:	-	Trust: 0.3
vendor:	s u s e	model:	linux enterprise server for s/390	scope:	eq	version:	9.0	Trust: 0.3
vendor:	s u s e	model:	linux enterprise server for s/390	scope:	-	version:	-	Trust: 0.3
vendor:	s u s e	model:	linux desktop	scope:	eq	version:	1.0	Trust: 0.3
vendor:	s u s e	model:	linux desktop	scope:	eq	version:	10	Trust: 0.3
vendor:	s u s e	model:	linux database server	scope:	eq	version:	0	Trust: 0.3
vendor:	s u s e	model:	linux	scope:	eq	version:	10.1x86-64	Trust: 0.3
vendor:	s u s e	model:	linux	scope:	eq	version:	10.1x86	Trust: 0.3
vendor:	s u s e	model:	linux ppc	scope:	eq	version:	10.1	Trust: 0.3
vendor:	s u s e	model:	linux	scope:	eq	version:	10.0x86-64	Trust: 0.3
vendor:	s u s e	model:	linux	scope:	eq	version:	10.0x86	Trust: 0.3
vendor:	s u s e	model:	linux ppc	scope:	eq	version:	10.0	Trust: 0.3
vendor:	rpath	model:	linux	scope:	eq	version:	1	Trust: 0.3
vendor:	pardus	model:	linux	scope:	eq	version:	2007.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2007.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2007.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	2007.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	2007.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server x86 64	scope:	eq	version:	4.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server x86 64	scope:	eq	version:	3.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server	scope:	eq	version:	3.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server	scope:	eq	version:	4.0	Trust: 0.3
vendor:	kde	model:	libkhtml	scope:	eq	version:	4.2	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.5.2	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.3.2	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.3.1	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.3	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.2.3	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.2.2-6	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.1.5	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.1.4	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.1	Trust: 0.3
vendor:	kde	model:	konqueror b	scope:	eq	version:	3.0.5	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.0.5	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	3.0	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	2.2.2	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	2.1.2	Trust: 0.3
vendor:	kde	model:	konqueror	scope:	eq	version:	2.1.1	Trust: 0.3
vendor:	kde	model:	kdelibs	scope:	eq	version:	3.5.4	Trust: 0.3
vendor:	kde	model:	kdelibs	scope:	eq	version:	3.5.2	Trust: 0.3
vendor:	kde	model:	kdelibs	scope:	eq	version:	3.4.3	Trust: 0.3
vendor:	kde	model:	kdelibs	scope:	eq	version:	3.4.2	Trust: 0.3
vendor:	kde	model:	kdelibs	scope:	eq	version:	3.4	Trust: 0.3
vendor:	kde	model:	kdelibs	scope:	eq	version:	3.3.2	Trust: 0.3
vendor:	kde	model:	kdelibs	scope:	eq	version:	3.3.1	Trust: 0.3
vendor:	kde	model:	kdelibs	scope:	eq	version:	3.3	Trust: 0.3
vendor:	kde	model:	kdelibs	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	kde	model:	kdelibs	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	kde	model:	kdelibs	scope:	eq	version:	3.2	Trust: 0.3
vendor:	kde	model:	kdelibs	scope:	eq	version:	3.1.5	Trust: 0.3
vendor:	kde	model:	kdelibs	scope:	eq	version:	3.1.4	Trust: 0.3
vendor:	kde	model:	kdelibs	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	kde	model:	kdelibs	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	kde	model:	kdelibs	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	kde	model:	kdelibs	scope:	eq	version:	3.1	Trust: 0.3
vendor:	kde	model:	kdelibs	scope:	eq	version:	3.0	Trust: 0.3
vendor:	kde	model:	kdelibs	scope:	eq	version:	2.1.2	Trust: 0.3
vendor:	kde	model:	kdelibs	scope:	eq	version:	2.1.1	Trust: 0.3
vendor:	kde	model:	kdelibs	scope:	eq	version:	2.1	Trust: 0.3
vendor:	kde	model:	kdelibs	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	kde	model:	kdelibs	scope:	eq	version:	2.0	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.5.6	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.5.5	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.5.4	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.5.3	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.5.2	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.5.1	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.5	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.4.3	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.4.2	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.4.1	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.4	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.3.2	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.3.1	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.3	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.2.3	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.2.1	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.2	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.1.5	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.1.4	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.1.3	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	kde	model:	a	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.1	Trust: 0.3
vendor:	kde	model:	b	scope:	eq	version:	3.0.5	Trust: 0.3
vendor:	kde	model:	a	scope:	eq	version:	3.0.5	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.0.5	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.0.4	Trust: 0.3
vendor:	kde	model:	a	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.0.3	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.0.2	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.0.1	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	3.0	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	2.2.2	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	2.2.1	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	2.2	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	2.1.2	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	2.1.1	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	2.1	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	kde	model:	beta	scope:	eq	version:	2.0	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	2.0	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	1.2	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	1.1.2	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	1.1.1	Trust: 0.3
vendor:	kde	model:	kde	scope:	eq	version:	1.1	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	apple	model:	safari rss pre-release	scope:	eq	version:	2.0	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	2.0.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	1.0	Trust: 0.3
vendor:	apple	model:	safari beta	scope:	eq	version:	2	Trust: 0.3
vendor:	apple	model:	mobile safari	scope:	eq	version:	0	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.10	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.9	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.9	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.8	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.7	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.6	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.3	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os server	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.10	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.9	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.8	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.7	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.6	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.5	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.4	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.3	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.2	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3.1	Trust: 0.3
vendor:	apple	model:	mac os	scope:	eq	version:	x10.3	Trust: 0.3
vendor:	fujitsu	model:	interstage studio standard-j edition	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage studio enterprise edition	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage job workload server	scope:	eq	version:	8.1	Trust: 0.3
vendor:	fujitsu	model:	interstage business application server enterprise	scope:	eq	version:	8.0.0	Trust: 0.3
vendor:	fujitsu	model:	interstage apworks modelers-j edition	scope:	eq	version:	7.0	Trust: 0.3
vendor:	fujitsu	model:	interstage apworks modelers-j edition 6.0a	scope:	-	version:	-	Trust: 0.3
vendor:	fujitsu	model:	interstage apworks modelers-j edition	scope:	eq	version:	6.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server web-j edition	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server web-j edition	scope:	eq	version:	4.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	8.0.2	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard edition	scope:	eq	version:	7.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard edition	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard edition	scope:	eq	version:	4.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard edition	scope:	eq	version:	3.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus	scope:	eq	version:	7.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	8.0.2	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	8.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	7.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	6.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	4.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	3.0	Trust: 0.3

sources: BID: 22428 // BID: 23020 // JVNDB: JVNDB-2007-000221 // CNNVD: CNNVD-200701-477 // NVD: CVE-2007-0537

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-0537
value:	LOW
Trust: 1.0
NVD:	CVE-2007-0537
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200701-477
value:	LOW
Trust: 0.6

nvd@nist.gov:	CVE-2007-0537
severity:	LOW
baseScore:	2.6
vectorString:	AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	4.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	CVE-2007-0537
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

sources: JVNDB: JVNDB-2007-000221 // CNNVD: CNNVD-200701-477 // NVD: CVE-2007-0537

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2007-000221 // NVD: CVE-2007-0537

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 54183 // PACKETSTORM: 58491 // CNNVD: CNNVD-200701-477

TYPE

xss

Trust: 0.9

sources: PACKETSTORM: 54183 // PACKETSTORM: 54252 // PACKETSTORM: 58491 // CNNVD: CNNVD-200701-477

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-000221

PATCH

title:	kdelibs-3.5.5-11.15AX	url:	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=48	Trust: 0.8
title:	khtml/konqueror title XSS vulnerability	url:	http://www.kde.org/info/security/advisory-20070206-1.txt	Trust: 0.8
title:	kdelibs (V4.0)	url:	http://www.miraclelinux.com/support/update/list.php?errata_id=1153	Trust: 0.8
title:	RHSA-2007:0909	url:	https://rhn.redhat.com/errata/RHSA-2007-0909.html	Trust: 0.8
title:	TLSA-2007-19	url:	http://www.turbolinux.com/security/2007/TLSA-2007-19.txt	Trust: 0.8
title:	RHSA-2007:0909	url:	http://www.jp.redhat.com/support/errata/RHSA/RHSA-2007-0909J.html	Trust: 0.8
title:	TLSA-2007-19	url:	http://www.turbolinux.co.jp/security/2007/TLSA-2007-19j.txt	Trust: 0.8

sources: JVNDB: JVNDB-2007-000221

EXTERNAL IDS

db:	NVD	id:	CVE-2007-0537	Trust: 3.4
db:	BID	id:	22428	Trust: 2.7
db:	SECUNIA	id:	23932	Trust: 2.4
db:	SECTRACK	id:	1017591	Trust: 2.4
db:	SECUNIA	id:	24442	Trust: 1.6
db:	SECUNIA	id:	24013	Trust: 1.6
db:	SECUNIA	id:	24889	Trust: 1.6
db:	SECUNIA	id:	24463	Trust: 1.6
db:	SECUNIA	id:	27108	Trust: 1.6
db:	SECUNIA	id:	24065	Trust: 1.6
db:	OSVDB	id:	32975	Trust: 1.6
db:	VUPEN	id:	ADV-2007-0505	Trust: 1.6
db:	JVNDB	id:	JVNDB-2007-000221	Trust: 0.8
db:	SUSE	id:	SUSE-SR:2007:006	Trust: 0.6
db:	REDHAT	id:	RHSA-2007:0909	Trust: 0.6
db:	MANDRIVA	id:	MDKSA-2007:031	Trust: 0.6
db:	MANDRIVA	id:	MDKSA-2007:157	Trust: 0.6
db:	BUGTRAQ	id:	20070124 RE: SAFARI IMPROPERLY PARSES HTML DOCUMENTS & BLOGSPOT XSS VULNERABILITY	Trust: 0.6
db:	UBUNTU	id:	USN-420-1	Trust: 0.6
db:	GENTOO	id:	GLSA-200703-10	Trust: 0.6
db:	CNNVD	id:	CNNVD-200701-477	Trust: 0.6
db:	BID	id:	23020	Trust: 0.3
db:	PACKETSTORM	id:	55049	Trust: 0.1
db:	PACKETSTORM	id:	54183	Trust: 0.1
db:	PACKETSTORM	id:	54252	Trust: 0.1
db:	PACKETSTORM	id:	58491	Trust: 0.1

sources: BID: 22428 // BID: 23020 // JVNDB: JVNDB-2007-000221 // PACKETSTORM: 55049 // PACKETSTORM: 54183 // PACKETSTORM: 54252 // PACKETSTORM: 58491 // CNNVD: CNNVD-200701-477 // NVD: CVE-2007-0537

REFERENCES

url:	http://secunia.com/advisories/23932	Trust: 2.4
url:	http://www.securityfocus.com/bid/22428	Trust: 2.4
url:	http://securitytracker.com/id?1017591	Trust: 2.4
url:	http://www.kde.org/info/security/advisory-20070206-1.txt	Trust: 1.9
url:	https://issues.rpath.com/browse/rpl-1117	Trust: 1.6
url:	http://www.ubuntu.com/usn/usn-420-1	Trust: 1.6
url:	http://www.redhat.com/support/errata/rhsa-2007-0909.html	Trust: 1.6
url:	http://www.novell.com/linux/security/advisories/2007_6_sr.html	Trust: 1.6
url:	http://www.mandriva.com/security/advisories?name=mdksa-2007:157	Trust: 1.6
url:	http://www.mandriva.com/security/advisories?name=mdksa-2007:031	Trust: 1.6
url:	http://www.gentoo.org/security/en/glsa/glsa-200703-10.xml	Trust: 1.6
url:	http://secunia.com/advisories/27108	Trust: 1.6
url:	http://secunia.com/advisories/24889	Trust: 1.6
url:	http://secunia.com/advisories/24463	Trust: 1.6
url:	http://secunia.com/advisories/24442	Trust: 1.6
url:	http://secunia.com/advisories/24065	Trust: 1.6
url:	http://secunia.com/advisories/24013	Trust: 1.6
url:	http://osvdb.org/32975	Trust: 1.6
url:	http://www.frsirt.com/english/advisories/2007/0505	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0537	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10244	Trust: 1.0
url:	http://www.securityfocus.com/archive/1/457924/100/0/threaded	Trust: 1.0
url:	http://www.vupen.com/english/advisories/2007/0505	Trust: 1.0
url:	http://www.securityfocus.com/archive/1/archive/1/457924/100/0/threaded	Trust: 0.9
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-0537	Trust: 0.8
url:	http://frontal2.mandriva.com/security/advisories?name=mdksa-2007:031	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2007-0537	Trust: 0.4
url:	http://www.kde.org/	Trust: 0.3
url:	http://www.konqueror.org/	Trust: 0.3
url:	http://www.apple.com/safari/	Trust: 0.3
url:	http://www.fujitsu.com/global/support/software/security/products-f/interstage-200701e.html	Trust: 0.3
url:	http://jvn.jp/jp/jvn%2383832818/index.html	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2007-0478	Trust: 0.2
url:	http://www.mandriva.com/security/	Trust: 0.2
url:	http://www.mandriva.com/security/advisories	Trust: 0.2
url:	http://bugs.gentoo.org.	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://security.gentoo.org/glsa/glsa-200703-10.xml	Trust: 0.1
url:	http://security.gentoo.org/	Trust: 0.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0478	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.2-0ubuntu18.2.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5.2-0ubuntu18.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3-0ubuntu2.2.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.2-0ubuntu18.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.2-0ubuntu18.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3-0ubuntu2.2_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5.2-0ubuntu18.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.4.3-0ubuntu2.2_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.2-0ubuntu18.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3-0ubuntu2.2.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.2-0ubuntu18.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.2-0ubuntu18.2_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.2-0ubuntu18.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.2-0ubuntu18.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5.2-0ubuntu18.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.2-0ubuntu18.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5.2-0ubuntu18.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.2-0ubuntu18.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.2.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.2-0ubuntu18.2_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.2-0ubuntu18.2_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.5-0ubuntu3.1.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.5-0ubuntu3.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.5-0ubuntu3.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.2-0ubuntu18.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.2-0ubuntu18.2_amd64.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.4.3-0ubuntu2.2_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.2-0ubuntu18.2_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2.2_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.5.orig.tar.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.5-0ubuntu3.1_all.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1_i386.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.2-0ubuntu18.2_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1_powerpc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.5-0ubuntu3.1.dsc	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.2-0ubuntu18.2.diff.gz	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1_sparc.deb	Trust: 0.1
url:	http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2.2_amd64.deb	Trust: 0.1

CREDITS

Apple

Trust: 0.6

sources: CNNVD: CNNVD-200701-477

SOURCES

db:	BID	id:	22428
db:	BID	id:	23020
db:	JVNDB	id:	JVNDB-2007-000221
db:	PACKETSTORM	id:	55049
db:	PACKETSTORM	id:	54183
db:	PACKETSTORM	id:	54252
db:	PACKETSTORM	id:	58491
db:	CNNVD	id:	CNNVD-200701-477
db:	NVD	id:	CVE-2007-0537

LAST UPDATE DATE

2024-11-23T19:52:41.930000+00:00

SOURCES UPDATE DATE

db:	BID	id:	22428	date:	2015-03-19T09:23:00
db:	BID	id:	23020	date:	2007-03-19T20:14:00
db:	JVNDB	id:	JVNDB-2007-000221	date:	2007-12-05T00:00:00
db:	CNNVD	id:	CNNVD-200701-477	date:	2007-06-27T00:00:00
db:	NVD	id:	CVE-2007-0537	date:	2024-11-21T00:26:07.630

SOURCES RELEASE DATE

db:	BID	id:	22428	date:	2007-02-06T00:00:00
db:	BID	id:	23020	date:	2007-03-19T00:00:00
db:	JVNDB	id:	JVNDB-2007-000221	date:	2007-04-26T00:00:00
db:	PACKETSTORM	id:	55049	date:	2007-03-14T00:54:51
db:	PACKETSTORM	id:	54183	date:	2007-02-06T04:21:11
db:	PACKETSTORM	id:	54252	date:	2007-02-08T04:48:24
db:	PACKETSTORM	id:	58491	date:	2007-08-14T00:24:12
db:	CNNVD	id:	CNNVD-200701-477	date:	2006-06-01T00:00:00
db:	NVD	id:	CVE-2007-0537	date:	2007-01-29T16:28:00