Vulnerability Name: CVE-2002-0970 (CCN-9776)
Assigned: 2002-08-05
Published: 2002-08-05
Updated: 2017-10-10
Summary: The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.
CVSS v3 Severity: 0.0 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Bypass Security
References:
Source: CALDERA Type: UNKNOWN CSSA-2002-047.0
Source: CCN Type: FreeBSD Security Notice FreeBSD-SN-02:05 security issues in ports
Source: CCN Type: BugTraq Mailing List, Mon Aug 05 2002 - 18:03:29 CDT IE SSL Vulnerability
Source: CCN Type: BugTraq Mailing List, Sat Aug 10 2002 - 22:28:25 CDT TinySSL Vendor Statement: Basic Constraints Vulnerability
Source: CCN Type: BugTraq Mailing List, Mon Aug 19 2002 - 09:40:41 CDT Insufficient Verification of Client Certificates in IIS 5.0 pre sp3
Source: BUGTRAQ Type: UNKNOWN 20020818 KDE Security Advisory: Konqueror SSL vulnerability
Source: CCN Type: VulnWatch Mailing List, Wed Jan 22 2003 - 02:54:35 CST IE chain vulnerability
Source: MITRE Type: CNA CVE-2002-0828
Source: MITRE Type: CNA CVE-2002-0862
Source: MITRE Type: CNA CVE-2002-0970
Source: MITRE Type: CNA CVE-2002-1183
Source: MITRE Type: CNA CVE-2002-1407
Source: MITRE Type: CNA CVE-2009-0653
Source: CONECTIVA Type: UNKNOWN CLA-2002:519
Source: CCN Type: Conectiva Linux Announcement CLSA-2002:519 kde
Source: BUGTRAQ Type: UNKNOWN 20020812 Re: IE SSL Vulnerability (Konqueror affected too)
Source: CCN Type: RHSA-2002-220 Updated KDE packages fix security issues
Source: CCN Type: RHSA-2002-221 kdelibs security update
Source: CCN Type: CIAC Information Bulletin M-121 Microsoft Certificate Validation Vulnerability
Source: CCN Type: CIAC Information Bulletin N-020 Red Hat Multiple Vulnerabilities in KDE
Source: DEBIAN Type: Patch, Vendor Advisory DSA-155
Source: DEBIAN Type: DSA-155 kdelibs -- privacy escalation with Konqueror
Source: CCN Type: KDE Security Advisory 2002-08-18 Konqueror SSL vulnerability
Source: CONFIRM Type: UNKNOWN http://www.kde.org/info/security/advisory-20020818-1.txt
Source: MANDRAKE Type: UNKNOWN MDKSA-2002:058
Source: CCN Type: Microsoft Security Bulletin MS02-050 Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)
Source: CCN Type: Microsoft Security Bulletin MS04-011 Security Update for Microsoft Windows (835732)
Source: CCN Type: Microsoft Corporation Web site Information about Reported Web Security Vulnerability August 2002
Source: CCN Type: OSVDB ID: 59725 TinySSL SSL Basic Constraints Intermediate CA-signed Certificate Validation Failure
Source: CCN Type: OSVDB ID: 865 Multiple Vendor SSL Basic Constraints Intermediate CA-signed Certificate Validation Failure
Source: REDHAT Type: UNKNOWN RHSA-2002:220
Source: REDHAT Type: UNKNOWN RHSA-2002:221
Source: CCN Type: BID-33837 Mozilla Firefox International Domain Name Subdomain URI Spoofing Vulnerability
Source: BID Type: Exploit, Patch, Vendor Advisory 5410
Source: CCN Type: BID-5410 Multiple Vendor Invalid X.509 Certificate Chain Vulnerability
Source: CCN Type: TinySSL Web site TinySSL -- A Lightweight SSL Implementation in Java
Source: XF Type: UNKNOWN ssl-ca-certificate-spoofing(9776)
Source: CCN Type: Moxie Marlinspike Whitepaper New Tricks For Defeating SSL In Practice