Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2007-6591

Опубликовано: 28 дек. 2007
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 4.3

Описание

KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.

РелизСтатусПримечание
dapper

ignored

end of life
devel

not-affected

4:4.3.0-0ubuntu3
edgy

ignored

end of life, was needed
feisty

ignored

end of life, was needed
gutsy

ignored

end of life, was needed
hardy

ignored

end of life
intrepid

not-affected

4:4.1.4-0ubuntu1~intrepid2
jaunty

not-affected

4:4.2.2-0ubuntu4
karmic

not-affected

4:4.3.0-0ubuntu3
upstream

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 44%
0.00213
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

redhat логотип

CVE-2007-6591

redhat
почти 18 лет назад

KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.

nvd логотип

CVE-2007-6591

nvd
почти 18 лет назад

KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.

debian логотип

CVE-2007-6591

debian
почти 18 лет назад

KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server cer ...

github логотип

GHSA-v2mp-wwpv-88m2

github
больше 3 лет назад

KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.

EPSS

Процентиль: 44%
0.00213
Низкий

4.3 Medium

CVSS2