Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Safari | Apple | 1.0-beta (including) | 1.0-beta (including) |
Safari | Apple | 1.0-beta2 (including) | 1.0-beta2 (including) |
Konqueror_embedded | Kde | 0.1 (including) | 0.1 (including) |
Kdelibs | Ubuntu | dapper | * |
Kdelibs | Ubuntu | devel | * |
Kdelibs | Ubuntu | edgy | * |
Kdelibs | Ubuntu | feisty | * |
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 | RedHat | * | |
Red Hat Enterprise Linux ES version 2.1 | RedHat | * | |
Red Hat Enterprise Linux WS version 2.1 | RedHat | * | |
Red Hat Linux 7.1 | RedHat | * | |
Red Hat Linux 7.2 | RedHat | * | |
Red Hat Linux Advanced Workstation 2.1 | RedHat | * |