
CVE-2007-6591

Published: 18 Nov 2007
Source: redhat
CVSS2: 4.3
EPSS: Low

Description

KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.

Report

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | kdebase | Will not fix | | |
| Red Hat Enterprise Linux 6 | kdebase | Will not fix | | |

Additional information

Status: Low
Defect: CWE-451
https://bugzilla.redhat.com/show_bug.cgi?id=428207 konqueror: Certificate accepted for alt names, when only common name is shown

EPSS

Score: 0.00213
Percentile: 44%
Rating: Low

CVSS2: 4.3 Medium

Related vulnerabilities

ubuntu
more than 17 years ago

KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.

nvd
more than 17 years ago

KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.

debian
more than 17 years ago

KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server cer ...

github
more than 3 years ago

KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
