CVE-2003-0370
Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.
| Software | From | Fixed in |
|---|---|---|
| apple / safari | 1.0-beta | 1.0-beta.x |
| apple / safari | 1.0-beta2 | 1.0-beta2.x |
| kde / konqueror_embedded | 0.1 | 0.1.x |
| redhat / linux | 7.2 | 7.2.x |
| turbolinux / turbolinux_server | 7.0 | 7.0.x |
| turbolinux / turbolinux_workstation | 7.0 | 7.0.x |
| turbolinux / turbolinux_workstation | 8.0 | 8.0.x |
| kde / kde | - | 2.2.2.x |
| turbolinux / turbolinux_server | 8.0 | 8.0.x |
| redhat / linux | 7.1 | 7.1.x |
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html
- http://www.debian.org/security/2003/dsa-361
- http://www.kde.org/info/security/advisory-20030602-1.txt
- http://www.redhat.com/support/errata/RHSA-2003-192.html
- http://www.redhat.com/support/errata/RHSA-2003-193.html
- http://www.securityfocus.com/archive/1/320707
- http://www.securityfocus.com/bid/7520
- http://www.turbolinux.com/security/TLSA-2003-36.txt
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime