3.0.2

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

kde

NVD

Published: 2002-10-11

Updated: 2016-10-18

Summary

Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing.

Vulnerable Configurations

Part	Description	Count
OS	Kde KDE KDE 3.0 KDE KDE 3.0.1 KDE KDE 3.0.2	3

Redhat

advisories

rhsa

id	RHSA-2002:220

References

http://marc.info/?l=bugtraq&m=103175827225044&w=2
http://www.iss.net/security_center/static/10083.php
http://www.kde.org/info/security/advisory-20020908-1.txt
http://www.redhat.com/support/errata/RHSA-2002-220.html
http://www.securityfocus.com/bid/5691