VAR-200306-0053
Vulnerability from variot - Updated: 2023-12-18 10:55Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack. KDE Included file manager or Web Used as a browser Konqueror Is SSL Due to incomplete implementation of SSL The check against the certificate is not the host name IP User forged because it is done with an address SSL A vulnerability exists that accepts a certificate without realizing it is a certificate.SSL Untrusted through malicious Web May connect to site. The browser fails to detect cases where the CN doesn't match the hostname of the server. This could lead to a variety of attacks, including the possibility of allowing a malicious server to masquerade as a trusted server. The non-embedded Konqueror distribution is reportedly not affected by this issue
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200306-0053",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "workstation",
"scope": "eq",
"trust": 1.3,
"vendor": "turbolinux",
"version": "8.0"
},
{
"model": "workstation",
"scope": "eq",
"trust": 1.3,
"vendor": "turbolinux",
"version": "7.0"
},
{
"model": "server",
"scope": "eq",
"trust": 1.3,
"vendor": "turbolinux",
"version": "8.0"
},
{
"model": "server",
"scope": "eq",
"trust": 1.3,
"vendor": "turbolinux",
"version": "7.0"
},
{
"model": "konqueror embedded",
"scope": "eq",
"trust": 1.3,
"vendor": "kde",
"version": "0.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "1.0"
},
{
"model": "kde",
"scope": "lte",
"trust": 1.0,
"vendor": "kde",
"version": "2.2.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.1"
},
{
"model": "kde",
"scope": "eq",
"trust": 0.9,
"vendor": "kde",
"version": "2.2.2"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "7"
},
{
"model": "turbolinux server",
"scope": "eq",
"trust": 0.8,
"vendor": "turbo linux",
"version": "8"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "7.2"
},
{
"model": "a",
"scope": "ne",
"trust": 0.3,
"vendor": "kde",
"version": "3.1.1"
},
{
"model": "kde",
"scope": "ne",
"trust": 0.3,
"vendor": "kde",
"version": "3.1.1"
},
{
"model": "kde",
"scope": "ne",
"trust": 0.3,
"vendor": "kde",
"version": "3.1"
},
{
"model": "b",
"scope": "ne",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.5"
},
{
"model": "a",
"scope": "ne",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.5"
},
{
"model": "kde",
"scope": "ne",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.5"
},
{
"model": "kde",
"scope": "ne",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.4"
},
{
"model": "a",
"scope": "ne",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.3"
},
{
"model": "kde",
"scope": "ne",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.3"
},
{
"model": "kde",
"scope": "ne",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.2"
},
{
"model": "kde",
"scope": "ne",
"trust": 0.3,
"vendor": "kde",
"version": "3.0.1"
},
{
"model": "kde",
"scope": "ne",
"trust": 0.3,
"vendor": "kde",
"version": "3.0"
}
],
"sources": [
{
"db": "BID",
"id": "7520"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000171"
},
{
"db": "NVD",
"id": "CVE-2003-0370"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-100"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kde:konqueror_embedded:0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:turbolinux:turbolinux_server:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:turbolinux:turbolinux_workstation:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:turbolinux:turbolinux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:turbolinux:turbolinux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:kde:kde:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.2.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0370"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovery of this issue is credited to Simson L. Garfinkel and Jesse Burns.",
"sources": [
{
"db": "BID",
"id": "7520"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-100"
}
],
"trust": 0.9
},
"cve": "CVE-2003-0370",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2003-0370",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-7199",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-0370",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200306-100",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-7199",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-7199"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000171"
},
{
"db": "NVD",
"id": "CVE-2003-0370"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-100"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack. KDE Included file manager or Web Used as a browser Konqueror Is SSL Due to incomplete implementation of SSL The check against the certificate is not the host name IP User forged because it is done with an address SSL A vulnerability exists that accepts a certificate without realizing it is a certificate.SSL Untrusted through malicious Web May connect to site. The browser fails to detect cases where the CN doesn\u0027t match the hostname of the server. This could lead to a variety of attacks, including the possibility of allowing a malicious server to masquerade as a trusted server. \nThe non-embedded Konqueror distribution is reportedly not affected by this issue",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0370"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000171"
},
{
"db": "BID",
"id": "7520"
},
{
"db": "VULHUB",
"id": "VHN-7199"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2003-0370",
"trust": 2.8
},
{
"db": "BID",
"id": "7520",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000171",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200306-100",
"trust": 0.7
},
{
"db": "DEBIAN",
"id": "DSA-361",
"trust": 0.6
},
{
"db": "TURBO",
"id": "TLSA-2003-36",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030507 PROBLEM: MULTIPLE WEB BROWSERS DO NOT DO NOT VALIDATE CN ON CERTIFICATES.",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2003:192",
"trust": 0.6
},
{
"db": "REDHAT",
"id": "RHSA-2003:193",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20030510 [FORWARD]APPLE SAFARI AND KONQUEROR EMBEDDED COMMON NAME VERIFICATION VULNERABILITY",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-7199",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-7199"
},
{
"db": "BID",
"id": "7520"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000171"
},
{
"db": "NVD",
"id": "CVE-2003-0370"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-100"
}
]
},
"id": "VAR-200306-0053",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-7199"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T10:55:42.058000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RHSA-2003:192",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/rhsa-2003-192.html"
},
{
"title": "TLSA-2003-36",
"trust": 0.8,
"url": "http://www.turbolinux.com/security/2003/tlsa-2003-36.txt"
},
{
"title": "RHSA-2003:192",
"trust": 0.8,
"url": "http://www.jp.redhat.com/support/errata/rhsa/rhsa-2003-192j.html"
},
{
"title": "TLSA-2003-36",
"trust": 0.8,
"url": "http://www.turbolinux.co.jp/security/2003/tlsa-2003-36j.txt"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2003-000171"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0370"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/7520"
},
{
"trust": 2.0,
"url": "http://www.kde.org/info/security/advisory-20030602-1.txt"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/320707"
},
{
"trust": 1.7,
"url": "http://www.debian.org/security/2003/dsa-361"
},
{
"trust": 1.7,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-may/004983.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2003-192.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2003-193.html"
},
{
"trust": 1.7,
"url": "http://www.turbolinux.com/security/tlsa-2003-36.txt"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2003-0370"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2003-0370"
},
{
"trust": 0.3,
"url": "http://www.konqueror.org/embedded/"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2003-193.html"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2f55660"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/patches/linux/security.html"
},
{
"trust": 0.3,
"url": "/archive/1/320707"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-7199"
},
{
"db": "BID",
"id": "7520"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000171"
},
{
"db": "NVD",
"id": "CVE-2003-0370"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-100"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-7199"
},
{
"db": "BID",
"id": "7520"
},
{
"db": "JVNDB",
"id": "JVNDB-2003-000171"
},
{
"db": "NVD",
"id": "CVE-2003-0370"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-100"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-06-16T00:00:00",
"db": "VULHUB",
"id": "VHN-7199"
},
{
"date": "2003-05-07T00:00:00",
"db": "BID",
"id": "7520"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000171"
},
{
"date": "2003-06-16T04:00:00",
"db": "NVD",
"id": "CVE-2003-0370"
},
{
"date": "2003-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200306-100"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-10T00:00:00",
"db": "VULHUB",
"id": "VHN-7199"
},
{
"date": "2007-02-21T17:36:00",
"db": "BID",
"id": "7520"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2003-000171"
},
{
"date": "2008-09-10T19:18:47.117000",
"db": "NVD",
"id": "CVE-2003-0370"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200306-100"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200306-100"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "KDE Konqueror In SSL Unchecked vulnerability for certificates",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2003-000171"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "7520"
},
{
"db": "CNNVD",
"id": "CNNVD-200306-100"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…