CVE-2002-0970
PUBLISHED
CVSS 7.5 HIGH
The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.
EPSS 2.40% · 85.4th percentile
Risk Scores
- CVSS 2.0: 7.5
- EPSS Score: 2.40% (85.4th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| kde | kde | 3.0.2, 2.2.2, 3.0 |
| kde | konqueror | 2.2.2, 3.0.1, 3.0.2 |
Exploit Intelligence
- ssl-ca-certificate-spoofing(9776) (circl)
- RHSA-2002:220 (circl)
- http://www.kde.org/info/security/advisory-20020818-1.txt (circl)
- 20020812 Re: IE SSL Vulnerability (Konqueror affected too) (circl)
- CLA-2002:519 (circl)
- RHSA-2002:221 (circl)
- 20020818 KDE Security Advisory: Konqueror SSL vulnerability (circl)
- DSA-155 (circl)
- MDKSA-2002:058 (circl)
- CSSA-2002-047.0 (circl)
Timeline
- Sep 24, 2002 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Aug 9, 2023 EPSS Score
References
- ssl-ca-certificate-spoofing(9776) vdb
- RHSA-2002:220 vendor-advisory
- 5410 vdb
- http://www.kde.org/info/security/advisory-20020818-1.txt url
- 20020812 Re: IE SSL Vulnerability (Konqueror affected too) mailing-list
- CLA-2002:519 vendor-advisory
- RHSA-2002:221 vendor-advisory
- 20020818 KDE Security Advisory: Konqueror SSL vulnerability mailing-list
- DSA-155 vendor-advisory
- MDKSA-2002:058 vendor-advisory
- CSSA-2002-047.0 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2002-0970 advisory