var-200306-0053
Vulnerability from variot
Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack. KDE Included file manager or Web Used as a browser Konqueror Is SSL Due to incomplete implementation of SSL The check against the certificate is not the host name IP User forged because it is done with an address SSL A vulnerability exists that accepts a certificate without realizing it is a certificate.SSL Untrusted through malicious Web May connect to site. The browser fails to detect cases where the CN doesn't match the hostname of the server. This could lead to a variety of attacks, including the possibility of allowing a malicious server to masquerade as a trusted server. The non-embedded Konqueror distribution is reportedly not affected by this issue
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200306-0053",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "workstation",
"scope": "eq",
"trust": 1.3,
"vendor": "turbolinux",
"version": "8.0"
},
{
"model": "workstation",
"scope": "eq",
"trust": 1.3,
"vendor": "turbolinux",
"version": "7.0"
},
{
"model": "server",
"scope": "eq",
"trust": 1.3,
"vendor": "turbolinux",
"version": "8.0"
},
{
"model": "server",
"scope": "eq",
"trust": 1.3,
"vendor": "turbolinux",
"version": "7.0"
},
{
"model": "konqueror embedded",
"scope": "eq",
"trust": 1.3,
"vendor": "kde",
"version": "0.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.1"
},
{
"model": "kde",
"scope": "lte",
"trust": 1.0,
"vendor": "kde",
"version": "2.2.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "1.0"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.9,
"vendor": "kde",
"version": "2.2.2"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "7"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "8"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.2"
},
{
"model": "a",
"scope": "ne",
"trust": 0.3,
"vendor": "kde",
"version": "3.1.1"
},
{
"model": "kde",
"scope": "ne",
"trust": 0.3,
"vendor": "kde",
"version": "3.1.1"
},
{
"model": "kde",
"scope": "ne",
"trust": 0.3,
"vendor": "kde",
"version": "3.1"
},
{
"model": "b",
"scope": "ne",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.5"
},
{
"model": "a",
"scope": "ne",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.5"
},
{
"model": "kde",
"scope": "ne",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.5"
},
{
"model": "kde",
"scope": "ne",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.4"
},
{
"model": "a",
"scope": "ne",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.3"
},
{
"model": "kde",
"scope": "ne",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.3"
},
{
"model": "kde",
"scope": "ne",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.2"
},
{
"model": "kde",
"scope": "ne",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.1"
},
{
"model": "kde",
"scope": "ne",
"trust": 0.3,
"vendor": "kde",
"version": "3.0"
}
],
"sources": [
{
"db": "BID",
"id": "7520"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000171"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-100"
},
{
"db": "NVD",
"id": "CVE-2003-0370"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:turbolinux:turbolinux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:linux",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2003-000171"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovery of this issue is credited to Simson L. Garfinkel and Jesse Burns.",
"sources": [
{
"db": "BID",
"id": "7520"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-100"
}
],
"trust": 0.9
},
"cve": "CVE-2003-0370",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2003-0370",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-7199",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2003-0370",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2003-0370",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200306-100",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-7199",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-7199"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000171"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-100"
},
{
"db": "NVD",
"id": "CVE-2003-0370"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack. KDE Included file manager or Web Used as a browser Konqueror Is SSL Due to incomplete implementation of SSL The check against the certificate is not the host name IP User forged because it is done with an address SSL A vulnerability exists that accepts a certificate without realizing it is a certificate.SSL Untrusted through malicious Web May connect to site. The browser fails to detect cases where the CN doesn\u0027t match the hostname of the server. This could lead to a variety of attacks, including the possibility of allowing a malicious server to masquerade as a trusted server. \nThe non-embedded Konqueror distribution is reportedly not affected by this issue",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0370"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000171"
},
{
"db": "BID",
"id": "7520"
},
{
"db": "VULHUB",
"id": "VHN-7199"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2003-0370",
"trust": 2.8
},
{
"db": "BID",
"id": "7520",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000171",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200306-100",
"trust": 0.7
},
{
"db": "DEBIAN",
"id": "DSA-361",
"trust": 0.6
},
{
"db": "TURBO",
"id": "TLSA-2003-36",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030507 PROBLEM: MULTIPLE WEB BROWSERS DO NOT DO NOT VALIDATE CN ON CERTIFICATES.",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2003:192",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2003:193",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20030510 [FORWARD]APPLE SAFARI AND KONQUEROR EMBEDDED COMMON NAME VERIFICATION VULNERABILITY",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-7199",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-7199"
},
{
"db": "BID",
"id": "7520"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000171"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-100"
},
{
"db": "NVD",
"id": "CVE-2003-0370"
}
]
},
"id": "VAR-200306-0053",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-7199"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-22T21:04:35.479000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RHSA-2003:192",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2003-192.html"
},
{
"title": "TLSA-2003-36",
"trust": 0.8,
"url": "http://www.turbolinux.com/security/2003/TLSA-2003-36.txt"
},
{
"title": "RHSA-2003:192",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/RHSA/RHSA-2003-192J.html"
},
{
"title": "TLSA-2003-36",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2003/TLSA-2003-36j.txt"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2003-000171"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0370"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "http://www.securityfocus.com/bid/7520"
},
{
"trust": 3.0,
"url": "http://www.kde.org/info/security/advisory-20030602-1.txt"
},
{
"trust": 2.7,
"url": "http://www.securityfocus.com/archive/1/320707"
},
{
"trust": 2.7,
"url": "http://www.debian.org/security/2003/dsa-361"
},
{
"trust": 2.7,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-may/004983.html"
},
{
"trust": 2.7,
"url": "http://www.redhat.com/support/errata/rhsa-2003-192.html"
},
{
"trust": 2.7,
"url": "http://www.redhat.com/support/errata/rhsa-2003-193.html"
},
{
"trust": 2.7,
"url": "http://www.turbolinux.com/security/tlsa-2003-36.txt"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0370"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0370"
},
{
"trust": 0.3,
"url": "http://www.konqueror.org/embedded/"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2003-193.html"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f55660"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/patches/linux/security.html"
},
{
"trust": 0.3,
"url": "/archive/1/320707"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-7199"
},
{
"db": "BID",
"id": "7520"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000171"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-100"
},
{
"db": "NVD",
"id": "CVE-2003-0370"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-7199"
},
{
"db": "BID",
"id": "7520"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000171"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-100"
},
{
"db": "NVD",
"id": "CVE-2003-0370"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-06-16T00:00:00",
"db": "VULHUB",
"id": "VHN-7199"
},
{
"date": "2003-05-07T00:00:00",
"db": "BID",
"id": "7520"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000171"
},
{
"date": "2003-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200306-100"
},
{
"date": "2003-06-16T04:00:00",
"db": "NVD",
"id": "CVE-2003-0370"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-10T00:00:00",
"db": "VULHUB",
"id": "VHN-7199"
},
{
"date": "2007-02-21T17:36:00",
"db": "BID",
"id": "7520"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000171"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200306-100"
},
{
"date": "2024-11-20T23:44:34.690000",
"db": "NVD",
"id": "CVE-2003-0370"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200306-100"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "KDE Konqueror In SSL Unchecked vulnerability for certificates",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2003-000171"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "7520"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-100"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.