Vulnerabilities
Vulnerable Software
Kde:  >> Konqueror  >> 3.5.5  Security Vulnerabilities
KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these fields cannot be examined in the product, which makes it easier for remote attackers to trick a user into accepting an invalid certificate for a spoofed web site.
CVSS Score
4.3
EPSS Score
0.002
Published
2007-12-28
Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attack using HTTP Basic Authentication.
CVSS Score
6.4
EPSS Score
0.005
Published
2007-06-11
Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/.
CVSS Score
5.0
EPSS Score
0.005
Published
2007-04-22
The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
CVSS Score
6.8
EPSS Score
0.087
Published
2007-03-21
Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp:// URI.
CVSS Score
7.8
EPSS Score
0.005
Published
2007-03-21
ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.
CVSS Score
4.3
EPSS Score
0.138
Published
2007-03-07
The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478.
CVSS Score
2.6
EPSS Score
0.017
Published
2007-01-29


Contact Us

Shodan ® - All rights reserved