7.5

CVE-2003-0692

KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KdeKde Version1.1
KdeKde Version1.1.1
KdeKde Version1.1.2
KdeKde Version1.2
KdeKde Version2.0
KdeKde Version2.0.1
KdeKde Version2.0_beta
KdeKde Version2.1
KdeKde Version2.1.1
KdeKde Version2.1.2
KdeKde Version2.2
KdeKde Version2.2.1
KdeKde Version2.2.2
KdeKde Version3.0
KdeKde Version3.0.1
KdeKde Version3.0.2
KdeKde Version3.0.3
KdeKde Version3.0.3a
KdeKde Version3.0.4
KdeKde Version3.0.5
KdeKde Version3.0.5a
KdeKde Version3.0.5b
KdeKde Version3.1
KdeKde Version3.1.1
KdeKde Version3.1.1a
KdeKde Version3.1.2
KdeKde Version3.1.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.68% 0.838
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html
http://marc.info/?l=bugtraq&m=106374551513499&w=2
http://www.debian.org/security/2003/dsa-388
Patch
Vendor Advisory
http://www.kde.org/info/security/advisory-20030916-1.txt
Patch
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2003:091
http://www.redhat.com/support/errata/RHSA-2003-270.html
Patch
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2003-288.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A215