漏洞信息详情
KDE安全Cookie暴露漏洞
- CNNVD编号:CNNVD-200210-260
- 危害等级: 高危
- CVE编号: CVE-2002-1152
- 漏洞类型: 设计错误
- 发布时间: 2002-10-11
- 威胁类型: 远程
- 更新时间: 2005-10-12
- 厂 商: kde
- 漏洞来源: This issue was pub...
漏洞简介
KDE 3.0版本到3.0.2版本的Konqueror不能正确地察觉HTTP cookie中的\"secure\"标志,该漏洞可能导致Konqueror穿过非加密通道发送cookie,远程攻击者可以借助侦测窃取cookie。
漏洞公告
RedHat has released an advisory, RHSA-2002:220-40, that contains many fixes. Information about obtaining and applying fixes are available in the referenced advisory. The vendor has addressed this issue in KDE 3.0.3. Users are advised to upgrade. Patches are also available. KDE KDE 3.0
- KDE post-3.0-kdelibs-kcookiejar.diff ftp://ftp.kde.org/pub/kde/security_patches
- KDE post-3.0-kdelibs-kcookiejar.diff ftp://ftp.kde.org/pub/kde/security_patches
- KDE post-3.0-kdelibs-kcookiejar.diff ftp://ftp.kde.org/pub/kde/security_patches
参考网址
来源: BID 名称: 5691 链接:http://www.securityfocus.com/bid/5691 来源: BUGTRAQ 名称: 20020910 KDE Security Advisory: Secure Cookie Vulnerability 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=103175827225044&w=2 来源: www.kde.org 链接:http://www.kde.org/info/security/advisory-20020908-1.txt 来源: XF 名称: kde-konqueror-cookie-hijacking(10083) 链接:http://www.iss.net/security_center/static/10083.php 来源: REDHAT 名称: RHSA-2002:220 链接:http://www.redhat.com/support/errata/RHSA-2002-220.HTML
受影响实体
- Kde Kde:3.0
- Kde Kde:3.0.1
- Kde Kde:3.0.2
补丁
暂无
评论