Vulnerability Name: CVE-2002-1152 (CCN-10083)
Assigned: 2002-09-08
Published: 2002-09-08
Updated: 2016-10-18
Summary: Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Bypass Security
References:
- Source: MITRE Type: CNA CVE-2002-1152
- Source: BUGTRAQ Type: UNKNOWN 20020910 KDE Security Advisory: Secure Cookie Vulnerability
- Source: CCN Type: RHSA-2002-220 Updated KDE packages fix security issues
- Source: CCN Type: CIAC Information Bulletin M-124 Konqueror Secure Cookie Vulnerability
- Source: CCN Type: CIAC Information Bulletin N-020 Red Hat Multiple Vulnerabilities in KDE
- Source: XF Type: Vendor Advisory kde-konqueror-cookie-hijacking(10083)
- Source: CCN Type: K Desktop Environment (KDE) Web site K Desktop Environment Home (kde.org)
- Source: CCN Type: KDE Security Advisory 2002-09-08 Secure Cookie Vulnerability
- Source: CONFIRM Type: UNKNOWN http://www.kde.org/info/security/advisory-20020908-1.txt
- Source: CCN Type: OSVDB ID: 11233 KDE Konqueror HTTP Cookie secure Flag Validation Failure
- Source: REDHAT Type: UNKNOWN RHSA-2002:220
- Source: BID Type: Patch, Vendor Advisory 5691
- Source: CCN Type: BID-5691 KDE Secure Cookie Exposure Vulnerability
- Source: XF Type: UNKNOWN kde-konqueror-cookie-hijacking(10083)
Vulnerable Configuration: Configuration 1: Configuration CCN 1: