First Last Prev Next    This bug is not in your last search results.
Bug 74739 - Vulnerabilities in KDE
Vulnerabilities in KDE
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 2.1
Classification: Red Hat
Component: kdelibs (Show other bugs)
2.1
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: wdovlrrw
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-10-01 06:42 EDT by Mark J. Cox (Product Security)
Modified: 2008-05-01 11:38 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-10-01 06:43:04 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Mark J. Cox (Product Security) 2002-10-01 06:42:58 EDT 
The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify
the Basic Constraints for an intermediate CA-signed certificate, which
allows remote attackers to spoof the certificates of trusted sites via a
man-in-the-middle attack (CAN-2002-0970)

The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0
through 3.0.3 does not properly initialize the domains on sub-frames and
sub-iframes, which can allow remote attackers to execute script and steal
cookies from subframes that are in other domains. (CAN-2002-1151)

Red Hat Advanced Server 2.1 provides KDE version 2.2.2 and is therefore
vulnerable to both these issues.
Comment 1 Ngo Than 2002-10-10 06:48:28 EDT 
It's fixed in kdelibs-2.2.2-3, which is still waiting for QA
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.