CVE Vulnerability

CVE-2007-6591

KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

References
Link Resource
http://nils.toedtmann.net/pub/subjectAltName.txt
http://securityreason.com/securityalert/3498
http://www.securityfocus.com/archive/1/483960/100/100/threaded
http://www.securityfocus.com/archive/1/483937/100/100/threaded
http://www.securityfocus.com/archive/1/483929/100/100/threaded
Configurations

Configuration 1

cpe:2.3:a:kde:konqueror:3.95.00:*:*:*:*:*:*:*
cpe:2.3:a:kde:konqueror:3.5.5:*:*:*:*:*:*:*
Information

Published : 2007-12-28 09:46

Updated : 2018-10-15 09:55

NVD link : CVE-2007-6591

Mitre link : CVE-2007-6591

Products Affected
No products.
CWE
NVD-CWE-Other