| ID |
CVE-2007-6591
|
| Summary |
KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 4.3 (as of 15-10-2018 - 21:55) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
NONE |
NONE |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
| refmap
via4
|
| bugtraq | - 20071118 Certificate spoofing issue with Mozilla, Konqueror, Safari 2
- 20071118 RE: Certificate spoofing issue with Mozilla, Konqueror, Safari 2
- 20071118 Re: Certificate spoofing issue with Mozilla, Konqueror, Safari 2
| | misc | http://nils.toedtmann.net/pub/subjectAltName.txt | | sreason | 3498 |
|
| statements
via4
|
| contributor | Joshua Bressers | | lastmodified | 2008-01-10 | | organization | Red Hat | | statement | Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-6591
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/#low |
|
| Last major update |
15-10-2018 - 21:55 |
| Published |
28-12-2007 - 21:46 |
| Last modified |
15-10-2018 - 21:55 |
