cvelistv5 - cve-2003-0370

cve-2003-0370

Vulnerability from cvelistv5

Published

2003-06-05 04:00

Modified

2024-08-08 01:50

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html
cve@mitre.org	http://www.debian.org/security/2003/dsa-361
cve@mitre.org	http://www.kde.org/info/security/advisory-20030602-1.txt	Patch, Vendor Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2003-192.html	Patch, Vendor Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2003-193.html
cve@mitre.org	http://www.securityfocus.com/archive/1/320707	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/7520
cve@mitre.org	http://www.turbolinux.com/security/TLSA-2003-36.txt
af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2003/dsa-361
af854a3a-2127-422b-91ae-364da2661108	http://www.kde.org/info/security/advisory-20030602-1.txt	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2003-192.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2003-193.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/320707	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/7520
af854a3a-2127-422b-91ae-364da2661108	http://www.turbolinux.com/security/TLSA-2003-36.txt

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:50:47.981Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2003:192",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-192.html"
          },
          {
            "name": "20030510 [forward]Apple Safari and Konqueror Embedded Common Name Verification Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html"
          },
          {
            "name": "TLSA-2003-36",
            "tags": [
              "vendor-advisory",
              "x_refsource_TURBO",
              "x_transferred"
            ],
            "url": "http://www.turbolinux.com/security/TLSA-2003-36.txt"
          },
          {
            "name": "RHSA-2003:193",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-193.html"
          },
          {
            "name": "20030507 Problem: Multiple Web Browsers do not do not validate CN on certificates.",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/320707"
          },
          {
            "name": "DSA-361",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2003/dsa-361"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kde.org/info/security/advisory-20030602-1.txt"
          },
          {
            "name": "7520",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/7520"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-05-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2003-06-06T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2003:192",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-192.html"
        },
        {
          "name": "20030510 [forward]Apple Safari and Konqueror Embedded Common Name Verification Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html"
        },
        {
          "name": "TLSA-2003-36",
          "tags": [
            "vendor-advisory",
            "x_refsource_TURBO"
          ],
          "url": "http://www.turbolinux.com/security/TLSA-2003-36.txt"
        },
        {
          "name": "RHSA-2003:193",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-193.html"
        },
        {
          "name": "20030507 Problem: Multiple Web Browsers do not do not validate CN on certificates.",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/320707"
        },
        {
          "name": "DSA-361",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2003/dsa-361"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kde.org/info/security/advisory-20030602-1.txt"
        },
        {
          "name": "7520",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/7520"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0370",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2003:192",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-192.html"
            },
            {
              "name": "20030510 [forward]Apple Safari and Konqueror Embedded Common Name Verification Vulnerability",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html"
            },
            {
              "name": "TLSA-2003-36",
              "refsource": "TURBO",
              "url": "http://www.turbolinux.com/security/TLSA-2003-36.txt"
            },
            {
              "name": "RHSA-2003:193",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2003-193.html"
            },
            {
              "name": "20030507 Problem: Multiple Web Browsers do not do not validate CN on certificates.",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/320707"
            },
            {
              "name": "DSA-361",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2003/dsa-361"
            },
            {
              "name": "http://www.kde.org/info/security/advisory-20030602-1.txt",
              "refsource": "CONFIRM",
              "url": "http://www.kde.org/info/security/advisory-20030602-1.txt"
            },
            {
              "name": "7520",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/7520"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0370",
    "datePublished": "2003-06-05T04:00:00",
    "dateReserved": "2003-06-03T00:00:00",
    "dateUpdated": "2024-08-08T01:50:47.981Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"64FE1AA1-32D1-4825-8B2B-E66093937D9F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:*\", \"matchCriteriaId\": \"E760CD65-A10E-44F1-B835-DA6B77057C93\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:kde:konqueror_embedded:0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68C3DE36-4687-4157-8C7F-223B289B9A8B\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:kde:kde:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.2.2\", \"matchCriteriaId\": \"4EE0724E-B37D-4177-A117-74F5A39BCC5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D46E093-1C68-43BB-B281-12117EC8DE0F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E562907F-D915-4030-847A-3C6834A80D4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:turbolinux:turbolinux_server:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"839D2945-1417-43F5-A526-A14C491CBCEE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:turbolinux:turbolinux_server:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E06DCF0D-3241-453A-A0E4-937FE25EC404\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:turbolinux:turbolinux_workstation:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA8F79B3-2FBD-4CF1-B202-AB302C5F9CC2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:turbolinux:turbolinux_workstation:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9428589A-0BD2-469E-978D-38239117D972\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.\"}, {\"lang\": \"es\", \"value\": \"Konqueror Embedded y KDE 2.2.2  y anteriores no validan el campo Common Name (CN) en certificados X.509, lo que permitir\\u00eda que atacantes remotos falsifiquen certificados mediante un ataque \\\"man-in-the-middle\\\".\"}]",
      "id": "CVE-2003-0370",
      "lastModified": "2024-11-20T23:44:34.690",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2003-06-16T04:00:00.000",
      "references": "[{\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2003/dsa-361\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kde.org/info/security/advisory-20030602-1.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2003-192.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2003-193.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/320707\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/7520\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.turbolinux.com/security/TLSA-2003-36.txt\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2003/dsa-361\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kde.org/info/security/advisory-20030602-1.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2003-192.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2003-193.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/320707\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/7520\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.turbolinux.com/security/TLSA-2003-36.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2003-0370\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2003-06-16T04:00:00.000\",\"lastModified\":\"2024-11-20T23:44:34.690\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.\"},{\"lang\":\"es\",\"value\":\"Konqueror Embedded y KDE 2.2.2  y anteriores no validan el campo Common Name (CN) en certificados X.509, lo que permitir\u00eda que atacantes remotos falsifiquen certificados mediante un ataque \\\"man-in-the-middle\\\".\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"64FE1AA1-32D1-4825-8B2B-E66093937D9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E760CD65-A10E-44F1-B835-DA6B77057C93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:kde:konqueror_embedded:0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68C3DE36-4687-4157-8C7F-223B289B9A8B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kde:kde:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.2.2\",\"matchCriteriaId\":\"4EE0724E-B37D-4177-A117-74F5A39BCC5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D46E093-1C68-43BB-B281-12117EC8DE0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E562907F-D915-4030-847A-3C6834A80D4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:turbolinux:turbolinux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"839D2945-1417-43F5-A526-A14C491CBCEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:turbolinux:turbolinux_server:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E06DCF0D-3241-453A-A0E4-937FE25EC404\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:turbolinux:turbolinux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA8F79B3-2FBD-4CF1-B202-AB302C5F9CC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:turbolinux:turbolinux_workstation:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9428589A-0BD2-469E-978D-38239117D972\"}]}]}],\"references\":[{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2003/dsa-361\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kde.org/info/security/advisory-20030602-1.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-192.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-193.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/320707\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/7520\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.turbolinux.com/security/TLSA-2003-36.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2003/dsa-361\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kde.org/info/security/advisory-20030602-1.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-192.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2003-193.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/320707\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/7520\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.turbolinux.com/security/TLSA-2003-36.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack. KDE Included file manager or Web Used as a browser Konqueror Is SSL Due to incomplete implementation of SSL The check against the certificate is not the host name IP User forged because it is done with an address SSL A vulnerability exists that accepts a certificate without realizing it is a certificate.SSL Untrusted through malicious Web May connect to site. The browser fails to detect cases where the CN doesn't match the hostname of the server. This could lead to a variety of attacks, including the possibility of allowing a malicious server to masquerade as a trusted server. The non-embedded Konqueror distribution is reportedly not affected by this issue

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200306-0053",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "turbolinux",
        "version": "8.0"
      },
      {
        "model": "server",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "turbolinux",
        "version": "7.0"
      },
      {
        "model": "konqueror embedded",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "kde",
        "version": "0.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "model": "kde",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "kde",
        "version": "2.2.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": "7.1"
      },
      {
        "model": "kde",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "kde",
        "version": "2.2.2"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "7"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "8"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "7.2"
      },
      {
        "model": "a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.1.1"
      },
      {
        "model": "kde",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.1.1"
      },
      {
        "model": "kde",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.1"
      },
      {
        "model": "b",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.0.5"
      },
      {
        "model": "a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.0.5"
      },
      {
        "model": "kde",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.0.5"
      },
      {
        "model": "kde",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.0.4"
      },
      {
        "model": "a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.0.3"
      },
      {
        "model": "kde",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.0.3"
      },
      {
        "model": "kde",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.0.2"
      },
      {
        "model": "kde",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.0.1"
      },
      {
        "model": "kde",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "kde",
        "version": "3.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "7520"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000171"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0370"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200306-100"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:kde:konqueror_embedded:0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:turbolinux:turbolinux_server:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:turbolinux:turbolinux_workstation:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:turbolinux:turbolinux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:turbolinux:turbolinux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:kde:kde:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.2.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0370"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Discovery of this issue is credited to Simson L. Garfinkel and Jesse Burns.",
    "sources": [
      {
        "db": "BID",
        "id": "7520"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200306-100"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2003-0370",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2003-0370",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-7199",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2003-0370",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200306-100",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-7199",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-7199"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000171"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0370"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200306-100"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack. KDE Included file manager or Web Used as a browser Konqueror Is SSL Due to incomplete implementation of SSL The check against the certificate is not the host name IP User forged because it is done with an address SSL A vulnerability exists that accepts a certificate without realizing it is a certificate.SSL Untrusted through malicious Web May connect to site.  The browser fails to detect cases where the CN doesn\u0027t match the hostname of the server.  This could lead to a variety of attacks, including the possibility of allowing a malicious server to masquerade as a trusted server. \nThe non-embedded Konqueror distribution is reportedly not affected by this issue",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0370"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000171"
      },
      {
        "db": "BID",
        "id": "7520"
      },
      {
        "db": "VULHUB",
        "id": "VHN-7199"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2003-0370",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "7520",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000171",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200306-100",
        "trust": 0.7
      },
      {
        "db": "DEBIAN",
        "id": "DSA-361",
        "trust": 0.6
      },
      {
        "db": "TURBO",
        "id": "TLSA-2003-36",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20030507 PROBLEM: MULTIPLE WEB BROWSERS DO NOT DO NOT VALIDATE CN ON CERTIFICATES.",
        "trust": 0.6
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2003:192",
        "trust": 0.6
      },
      {
        "db": "REDHAT",
        "id": "RHSA-2003:193",
        "trust": 0.6
      },
      {
        "db": "FULLDISC",
        "id": "20030510 [FORWARD]APPLE SAFARI AND KONQUEROR EMBEDDED COMMON NAME VERIFICATION VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-7199",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-7199"
      },
      {
        "db": "BID",
        "id": "7520"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000171"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0370"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200306-100"
      }
    ]
  },
  "id": "VAR-200306-0053",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-7199"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:55:42.058000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "RHSA-2003:192",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2003-192.html"
      },
      {
        "title": "TLSA-2003-36",
        "trust": 0.8,
        "url": "http://www.turbolinux.com/security/2003/tlsa-2003-36.txt"
      },
      {
        "title": "RHSA-2003:192",
        "trust": 0.8,
        "url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-192j.html"
      },
      {
        "title": "TLSA-2003-36",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2003/tlsa-2003-36j.txt"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000171"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0370"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/7520"
      },
      {
        "trust": 2.0,
        "url": "http://www.kde.org/info/security/advisory-20030602-1.txt"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/320707"
      },
      {
        "trust": 1.7,
        "url": "http://www.debian.org/security/2003/dsa-361"
      },
      {
        "trust": 1.7,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-may/004983.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/support/errata/rhsa-2003-192.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.redhat.com/support/errata/rhsa-2003-193.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.turbolinux.com/security/tlsa-2003-36.txt"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0370"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0370"
      },
      {
        "trust": 0.3,
        "url": "http://www.konqueror.org/embedded/"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2003-193.html"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f55660"
      },
      {
        "trust": 0.3,
        "url": "http://sunsolve.sun.com/patches/linux/security.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/320707"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-7199"
      },
      {
        "db": "BID",
        "id": "7520"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000171"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0370"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200306-100"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-7199"
      },
      {
        "db": "BID",
        "id": "7520"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000171"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0370"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200306-100"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2003-06-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-7199"
      },
      {
        "date": "2003-05-07T00:00:00",
        "db": "BID",
        "id": "7520"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2003-000171"
      },
      {
        "date": "2003-06-16T04:00:00",
        "db": "NVD",
        "id": "CVE-2003-0370"
      },
      {
        "date": "2003-06-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200306-100"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-09-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-7199"
      },
      {
        "date": "2007-02-21T17:36:00",
        "db": "BID",
        "id": "7520"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2003-000171"
      },
      {
        "date": "2008-09-10T19:18:47.117000",
        "db": "NVD",
        "id": "CVE-2003-0370"
      },
      {
        "date": "2005-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200306-100"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200306-100"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "KDE Konqueror In  SSL Unchecked vulnerability for certificates",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2003-000171"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Design Error",
    "sources": [
      {
        "db": "BID",
        "id": "7520"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200306-100"
      }
    ],
    "trust": 0.9
  }
}

rhsa-2003:193

Vulnerability from csaf_redhat

Published

2003-06-17 19:38

Modified

2024-11-21 22:46

Summary

Red Hat Security Advisory: kdelibs security update

Notes

Topic

Updated KDE packages that resolve a vulnerability in KDE's SSL implementation are now available.

Details

KDE is a graphical desktop environment for the X Window System. KDE versions 2.2.2 and earlier have a vulnerability in their SSL implementation that makes it possible for users of Konqueror and other SSL enabled KDE software to fall victim to a man-in-the-middle attack. Users of KDE should upgrade to these erratum packages, which contain KDE 2.2.2 with a backported patch to correct this vulnerability.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated KDE packages that resolve a vulnerability in KDE\u0027s SSL\nimplementation are now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "KDE is a graphical desktop environment for the X Window System.\n\nKDE versions 2.2.2 and earlier have a vulnerability in their SSL\nimplementation that makes it possible for users of Konqueror and other SSL\nenabled KDE software to fall victim to a man-in-the-middle attack. \n\nUsers of KDE should upgrade to these erratum packages, which contain KDE\n2.2.2 with a backported patch to correct this vulnerability.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:193",
        "url": "https://access.redhat.com/errata/RHSA-2003:193"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "http://www.kde.org/info/security/advisory-20030602-1.txt",
        "url": "http://www.kde.org/info/security/advisory-20030602-1.txt"
      },
      {
        "category": "external",
        "summary": "92144",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=92144"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_193.json"
      }
    ],
    "title": "Red Hat Security Advisory: kdelibs security update",
    "tracking": {
      "current_release_date": "2024-11-21T22:46:26+00:00",
      "generator": {
        "date": "2024-11-21T22:46:26+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2003:193",
      "initial_release_date": "2003-06-17T19:38:00+00:00",
      "revision_history": [
        {
          "date": "2003-06-17T19:38:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-06-17T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:46:26+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "Red Hat Enterprise Linux ES version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "Red Hat Enterprise Linux WS version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0370",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617023"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0370"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617023",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617023"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0370",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0370"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0370",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0370"
        }
      ],
      "release_date": "2003-06-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-06-17T19:38:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:193"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

rhsa-2003:192

Vulnerability from csaf_redhat

Published

2003-06-05 08:59

Modified

2024-11-21 22:46

Summary

Red Hat Security Advisory: : Updated KDE packages fix security issue

Notes

Topic

Updated KDE packages that resolve a vulnerability in KDE's SSL implementation are now available.

Details

KDE is a graphical desktop environment for the X Window System. KDE versions 2.2.2 and earlier have a vulnerability in their SSL implementation that makes it possible for users of Konqueror and other SSL enabled KDE software to fall victim to a man-in-the-middle attack. Red Hat Linux 7.1 and 7.2 shipped with KDE packages that are vulnerable to this issue. Users of KDE should upgrade to these erratum packages, which contain KDE 2.2.2 with a backported patch to correct this vulnerability.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated KDE packages that resolve a vulnerability in KDE\u0027s SSL\nimplementation are now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "KDE is a graphical desktop environment for the X Window System.\n\nKDE versions 2.2.2 and earlier have a vulnerability in their SSL\nimplementation that makes it possible for users of Konqueror and other SSL\nenabled KDE software to fall victim to a man-in-the-middle attack.  Red Hat\nLinux 7.1 and 7.2 shipped with KDE packages that are vulnerable to this issue.\n\nUsers of KDE should upgrade to these erratum packages, which contain KDE\n2.2.2 with a backported patch to correct this vulnerability.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:192",
        "url": "https://access.redhat.com/errata/RHSA-2003:192"
      },
      {
        "category": "external",
        "summary": "http://www.kde.org/info/security/advisory-20030602-1.txt",
        "url": "http://www.kde.org/info/security/advisory-20030602-1.txt"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_192.json"
      }
    ],
    "title": "Red Hat Security Advisory: : Updated KDE packages fix security issue",
    "tracking": {
      "current_release_date": "2024-11-21T22:46:22+00:00",
      "generator": {
        "date": "2024-11-21T22:46:22+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2003:192",
      "initial_release_date": "2003-06-05T08:59:00+00:00",
      "revision_history": [
        {
          "date": "2003-06-05T08:59:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-06-05T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:46:22+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.1",
                "product": {
                  "name": "Red Hat Linux 7.1",
                  "product_id": "Red Hat Linux 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.2",
                "product": {
                  "name": "Red Hat Linux 7.2",
                  "product_id": "Red Hat Linux 7.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0370",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617023"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0370"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617023",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617023"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0370",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0370"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0370",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0370"
        }
      ],
      "release_date": "2003-06-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-06-05T08:59:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:192"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

rhsa-2003_192

Vulnerability from csaf_redhat

Published

2003-06-05 08:59

Modified

2024-11-21 22:46

Summary

Red Hat Security Advisory: : Updated KDE packages fix security issue

Notes

Topic

Updated KDE packages that resolve a vulnerability in KDE's SSL implementation are now available.

Details

KDE is a graphical desktop environment for the X Window System. KDE versions 2.2.2 and earlier have a vulnerability in their SSL implementation that makes it possible for users of Konqueror and other SSL enabled KDE software to fall victim to a man-in-the-middle attack. Red Hat Linux 7.1 and 7.2 shipped with KDE packages that are vulnerable to this issue. Users of KDE should upgrade to these erratum packages, which contain KDE 2.2.2 with a backported patch to correct this vulnerability.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated KDE packages that resolve a vulnerability in KDE\u0027s SSL\nimplementation are now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "KDE is a graphical desktop environment for the X Window System.\n\nKDE versions 2.2.2 and earlier have a vulnerability in their SSL\nimplementation that makes it possible for users of Konqueror and other SSL\nenabled KDE software to fall victim to a man-in-the-middle attack.  Red Hat\nLinux 7.1 and 7.2 shipped with KDE packages that are vulnerable to this issue.\n\nUsers of KDE should upgrade to these erratum packages, which contain KDE\n2.2.2 with a backported patch to correct this vulnerability.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:192",
        "url": "https://access.redhat.com/errata/RHSA-2003:192"
      },
      {
        "category": "external",
        "summary": "http://www.kde.org/info/security/advisory-20030602-1.txt",
        "url": "http://www.kde.org/info/security/advisory-20030602-1.txt"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_192.json"
      }
    ],
    "title": "Red Hat Security Advisory: : Updated KDE packages fix security issue",
    "tracking": {
      "current_release_date": "2024-11-21T22:46:22+00:00",
      "generator": {
        "date": "2024-11-21T22:46:22+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2003:192",
      "initial_release_date": "2003-06-05T08:59:00+00:00",
      "revision_history": [
        {
          "date": "2003-06-05T08:59:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-06-05T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:46:22+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.1",
                "product": {
                  "name": "Red Hat Linux 7.1",
                  "product_id": "Red Hat Linux 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.2",
                "product": {
                  "name": "Red Hat Linux 7.2",
                  "product_id": "Red Hat Linux 7.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0370",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617023"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0370"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617023",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617023"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0370",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0370"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0370",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0370"
        }
      ],
      "release_date": "2003-06-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-06-05T08:59:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:192"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

rhsa-2003_193

Vulnerability from csaf_redhat

Published

2003-06-17 19:38

Modified

2024-11-21 22:46

Summary

Red Hat Security Advisory: kdelibs security update

Notes

Topic

Updated KDE packages that resolve a vulnerability in KDE's SSL implementation are now available.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated KDE packages that resolve a vulnerability in KDE\u0027s SSL\nimplementation are now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "KDE is a graphical desktop environment for the X Window System.\n\nKDE versions 2.2.2 and earlier have a vulnerability in their SSL\nimplementation that makes it possible for users of Konqueror and other SSL\nenabled KDE software to fall victim to a man-in-the-middle attack. \n\nUsers of KDE should upgrade to these erratum packages, which contain KDE\n2.2.2 with a backported patch to correct this vulnerability.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:193",
        "url": "https://access.redhat.com/errata/RHSA-2003:193"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "http://www.kde.org/info/security/advisory-20030602-1.txt",
        "url": "http://www.kde.org/info/security/advisory-20030602-1.txt"
      },
      {
        "category": "external",
        "summary": "92144",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=92144"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_193.json"
      }
    ],
    "title": "Red Hat Security Advisory: kdelibs security update",
    "tracking": {
      "current_release_date": "2024-11-21T22:46:26+00:00",
      "generator": {
        "date": "2024-11-21T22:46:26+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2003:193",
      "initial_release_date": "2003-06-17T19:38:00+00:00",
      "revision_history": [
        {
          "date": "2003-06-17T19:38:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-06-17T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:46:26+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "Red Hat Enterprise Linux ES version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "Red Hat Enterprise Linux WS version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0370",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617023"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0370"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617023",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617023"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0370",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0370"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0370",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0370"
        }
      ],
      "release_date": "2003-06-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-06-17T19:38:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:193"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2003:192

Vulnerability from csaf_redhat

Published

2003-06-05 08:59

Modified

2024-11-21 22:46

Summary

Red Hat Security Advisory: : Updated KDE packages fix security issue

Notes

Topic

Updated KDE packages that resolve a vulnerability in KDE's SSL implementation are now available.

Details

KDE is a graphical desktop environment for the X Window System. KDE versions 2.2.2 and earlier have a vulnerability in their SSL implementation that makes it possible for users of Konqueror and other SSL enabled KDE software to fall victim to a man-in-the-middle attack. Red Hat Linux 7.1 and 7.2 shipped with KDE packages that are vulnerable to this issue. Users of KDE should upgrade to these erratum packages, which contain KDE 2.2.2 with a backported patch to correct this vulnerability.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated KDE packages that resolve a vulnerability in KDE\u0027s SSL\nimplementation are now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "KDE is a graphical desktop environment for the X Window System.\n\nKDE versions 2.2.2 and earlier have a vulnerability in their SSL\nimplementation that makes it possible for users of Konqueror and other SSL\nenabled KDE software to fall victim to a man-in-the-middle attack.  Red Hat\nLinux 7.1 and 7.2 shipped with KDE packages that are vulnerable to this issue.\n\nUsers of KDE should upgrade to these erratum packages, which contain KDE\n2.2.2 with a backported patch to correct this vulnerability.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:192",
        "url": "https://access.redhat.com/errata/RHSA-2003:192"
      },
      {
        "category": "external",
        "summary": "http://www.kde.org/info/security/advisory-20030602-1.txt",
        "url": "http://www.kde.org/info/security/advisory-20030602-1.txt"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_192.json"
      }
    ],
    "title": "Red Hat Security Advisory: : Updated KDE packages fix security issue",
    "tracking": {
      "current_release_date": "2024-11-21T22:46:22+00:00",
      "generator": {
        "date": "2024-11-21T22:46:22+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2003:192",
      "initial_release_date": "2003-06-05T08:59:00+00:00",
      "revision_history": [
        {
          "date": "2003-06-05T08:59:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-06-05T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:46:22+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.1",
                "product": {
                  "name": "Red Hat Linux 7.1",
                  "product_id": "Red Hat Linux 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux 7.2",
                "product": {
                  "name": "Red Hat Linux 7.2",
                  "product_id": "Red Hat Linux 7.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:7.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0370",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617023"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 7.1",
          "Red Hat Linux 7.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0370"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617023",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617023"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0370",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0370"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0370",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0370"
        }
      ],
      "release_date": "2003-06-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-06-05T08:59:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Linux 7.1",
            "Red Hat Linux 7.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:192"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2003:193

Vulnerability from csaf_redhat

Published

2003-06-17 19:38

Modified

2024-11-21 22:46

Summary

Red Hat Security Advisory: kdelibs security update

Notes

Topic

Updated KDE packages that resolve a vulnerability in KDE's SSL implementation are now available.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated KDE packages that resolve a vulnerability in KDE\u0027s SSL\nimplementation are now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "KDE is a graphical desktop environment for the X Window System.\n\nKDE versions 2.2.2 and earlier have a vulnerability in their SSL\nimplementation that makes it possible for users of Konqueror and other SSL\nenabled KDE software to fall victim to a man-in-the-middle attack. \n\nUsers of KDE should upgrade to these erratum packages, which contain KDE\n2.2.2 with a backported patch to correct this vulnerability.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2003:193",
        "url": "https://access.redhat.com/errata/RHSA-2003:193"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "http://www.kde.org/info/security/advisory-20030602-1.txt",
        "url": "http://www.kde.org/info/security/advisory-20030602-1.txt"
      },
      {
        "category": "external",
        "summary": "92144",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=92144"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2003/rhsa-2003_193.json"
      }
    ],
    "title": "Red Hat Security Advisory: kdelibs security update",
    "tracking": {
      "current_release_date": "2024-11-21T22:46:26+00:00",
      "generator": {
        "date": "2024-11-21T22:46:26+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2003:193",
      "initial_release_date": "2003-06-17T19:38:00+00:00",
      "revision_history": [
        {
          "date": "2003-06-17T19:38:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2003-06-17T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:46:26+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "Red Hat Enterprise Linux ES version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "Red Hat Enterprise Linux WS version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2003-0370",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617023"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2003-0370"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617023",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617023"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2003-0370",
          "url": "https://www.cve.org/CVERecord?id=CVE-2003-0370"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2003-0370",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0370"
        }
      ],
      "release_date": "2003-06-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2003-06-17T19:38:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2003:193"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "security flaw"
    }
  ]
}

fkie_cve-2003-0370

Vulnerability from fkie_nvd

Published

2003-06-16 04:00

Modified

2024-11-20 23:44

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html
cve@mitre.org	http://www.debian.org/security/2003/dsa-361
cve@mitre.org	http://www.kde.org/info/security/advisory-20030602-1.txt	Patch, Vendor Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2003-192.html	Patch, Vendor Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2003-193.html
cve@mitre.org	http://www.securityfocus.com/archive/1/320707	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/7520
cve@mitre.org	http://www.turbolinux.com/security/TLSA-2003-36.txt
af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2003/dsa-361
af854a3a-2127-422b-91ae-364da2661108	http://www.kde.org/info/security/advisory-20030602-1.txt	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2003-192.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2003-193.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/320707	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/7520
af854a3a-2127-422b-91ae-364da2661108	http://www.turbolinux.com/security/TLSA-2003-36.txt

Impacted products

Vendor	Product	Version
apple	safari	1.0
apple	safari	1.0
kde	konqueror_embedded	0.1
kde	kde	*
redhat	linux	7.1
redhat	linux	7.2
turbolinux	turbolinux_server	7.0
turbolinux	turbolinux_server	8.0
turbolinux	turbolinux_workstation	7.0
turbolinux	turbolinux_workstation	8.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "64FE1AA1-32D1-4825-8B2B-E66093937D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "E760CD65-A10E-44F1-B835-DA6B77057C93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kde:konqueror_embedded:0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "68C3DE36-4687-4157-8C7F-223B289B9A8B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:kde:kde:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EE0724E-B37D-4177-A117-74F5A39BCC5B",
              "versionEndIncluding": "2.2.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D46E093-1C68-43BB-B281-12117EC8DE0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E562907F-D915-4030-847A-3C6834A80D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:turbolinux:turbolinux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "839D2945-1417-43F5-A526-A14C491CBCEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:turbolinux:turbolinux_server:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E06DCF0D-3241-453A-A0E4-937FE25EC404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:turbolinux:turbolinux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA8F79B3-2FBD-4CF1-B202-AB302C5F9CC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:turbolinux:turbolinux_workstation:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9428589A-0BD2-469E-978D-38239117D972",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack."
    },
    {
      "lang": "es",
      "value": "Konqueror Embedded y KDE 2.2.2  y anteriores no validan el campo Common Name (CN) en certificados X.509, lo que permitir\u00eda que atacantes remotos falsifiquen certificados mediante un ataque \"man-in-the-middle\"."
    }
  ],
  "id": "CVE-2003-0370",
  "lastModified": "2024-11-20T23:44:34.690",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-06-16T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2003/dsa-361"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.kde.org/info/security/advisory-20030602-1.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2003-192.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-193.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/320707"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/7520"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.turbolinux.com/security/TLSA-2003-36.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2003/dsa-361"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.kde.org/info/security/advisory-20030602-1.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2003-192.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-193.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/320707"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/7520"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.turbolinux.com/security/TLSA-2003-36.txt"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2003-0370

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2003-0370

Aliases

CVE-2003-0370

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2003-0370",
    "description": "Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.",
    "id": "GSD-2003-0370",
    "references": [
      "https://www.debian.org/security/2003/dsa-361",
      "https://access.redhat.com/errata/RHSA-2003:193",
      "https://access.redhat.com/errata/RHSA-2003:192"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2003-0370"
      ],
      "details": "Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.",
      "id": "GSD-2003-0370",
      "modified": "2023-12-13T01:22:13.242677Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2003-0370",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "RHSA-2003:192",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2003-192.html"
          },
          {
            "name": "20030510 [forward]Apple Safari and Konqueror Embedded Common Name Verification Vulnerability",
            "refsource": "FULLDISC",
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html"
          },
          {
            "name": "TLSA-2003-36",
            "refsource": "TURBO",
            "url": "http://www.turbolinux.com/security/TLSA-2003-36.txt"
          },
          {
            "name": "RHSA-2003:193",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2003-193.html"
          },
          {
            "name": "20030507 Problem: Multiple Web Browsers do not do not validate CN on certificates.",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/320707"
          },
          {
            "name": "DSA-361",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2003/dsa-361"
          },
          {
            "name": "http://www.kde.org/info/security/advisory-20030602-1.txt",
            "refsource": "CONFIRM",
            "url": "http://www.kde.org/info/security/advisory-20030602-1.txt"
          },
          {
            "name": "7520",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/7520"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:kde:konqueror_embedded:0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:turbolinux:turbolinux_server:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:turbolinux:turbolinux_workstation:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:turbolinux:turbolinux_server:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:turbolinux:turbolinux_workstation:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:kde:kde:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.2.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0370"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.kde.org/info/security/advisory-20030602-1.txt",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.kde.org/info/security/advisory-20030602-1.txt"
            },
            {
              "name": "20030507 Problem: Multiple Web Browsers do not do not validate CN on certificates.",
              "refsource": "BUGTRAQ",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.securityfocus.com/archive/1/320707"
            },
            {
              "name": "RHSA-2003:192",
              "refsource": "REDHAT",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2003-192.html"
            },
            {
              "name": "TLSA-2003-36",
              "refsource": "TURBO",
              "tags": [],
              "url": "http://www.turbolinux.com/security/TLSA-2003-36.txt"
            },
            {
              "name": "20030510 [forward]Apple Safari and Konqueror Embedded Common Name Verification Vulnerability",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html"
            },
            {
              "name": "RHSA-2003:193",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2003-193.html"
            },
            {
              "name": "DSA-361",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2003/dsa-361"
            },
            {
              "name": "7520",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/7520"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2008-09-10T19:18Z",
      "publishedDate": "2003-06-16T04:00Z"
    }
  }
}

ghsa-9cxf-vv6j-h6r9

Vulnerability from github

Published

2022-04-29 01:26

Modified

2022-04-29 01:26

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2003-0370"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2003-06-16T04:00:00Z",
    "severity": "HIGH"
  },
  "details": "Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.",
  "id": "GHSA-9cxf-vv6j-h6r9",
  "modified": "2022-04-29T01:26:19Z",
  "published": "2022-04-29T01:26:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2003-0370"
    },
    {
      "type": "WEB",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2003/dsa-361"
    },
    {
      "type": "WEB",
      "url": "http://www.kde.org/info/security/advisory-20030602-1.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-192.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2003-193.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/320707"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/7520"
    },
    {
      "type": "WEB",
      "url": "http://www.turbolinux.com/security/TLSA-2003-36.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from cvelistv5

Vulnerability from variot

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from csaf_redhat

Vulnerability from fkie_nvd

Vulnerability from gsd

Vulnerability from github

Tags

Sightings

Nomenclature