KDE安全Cookie暴露漏洞

漏洞信息详情

KDE安全Cookie暴露漏洞

• CNNVD编号：CNNVD-200210-260
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2002-1152
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2002-10-11
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-12
  
• 厂        商：
  
  kde
• 漏洞来源：
  This issue was pub…

KDE 3.0版本到3.0.2版本的Konqueror不能正确地察觉HTTP cookie中的\”secure\”标志，该漏洞可能导致Konqueror穿过非加密通道发送cookie，远程攻击者可以借助侦测窃取cookie。

RedHat has released an advisory, RHSA-2002:220-40, that contains many fixes. Information about obtaining and applying fixes are available in the referenced advisory.
The vendor has addressed this issue in KDE 3.0.3. Users are advised to upgrade. Patches are also available.
KDE KDE 3.0

• KDE post-3.0-kdelibs-kcookiejar.diff
  ftp://ftp.kde.org/pub/kde/security_patches

KDE KDE 3.0.1

• KDE post-3.0-kdelibs-kcookiejar.diff
  ftp://ftp.kde.org/pub/kde/security_patches

KDE KDE 3.0.2

• KDE post-3.0-kdelibs-kcookiejar.diff
  ftp://ftp.kde.org/pub/kde/security_patches

来源: BID
名称: 5691
链接:http://www.securityfocus.com/bid/5691

来源: BUGTRAQ
名称: 20020910 KDE Security Advisory: Secure Cookie Vulnerability
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=103175827225044&w=2

来源: www.kde.org
链接:http://www.kde.org/info/security/advisory-20020908-1.txt

来源: XF
名称: kde-konqueror-cookie-hijacking(10083)
链接:http://www.iss.net/security_center/static/10083.php

来源: REDHAT
名称: RHSA-2002:220
链接:http://www.redhat.com/support/errata/RHSA-2002-220.html