CVE-2002-1152
First published: Fri Oct 11 2002(Updated: )
Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| KDE Kde Beta 3 | =3.0 | |
| KDE Kde Beta 3 | =3.0.1 | |
| KDE Kde Beta 3 | =3.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2002-1152?
CVE-2002-1152 is classified as a moderate vulnerability due to its potential to expose sensitive cookie information over unencrypted channels.
How do I fix CVE-2002-1152?
To fix CVE-2002-1152, upgrade to KDE version 3.0.3 or later, where the secure flag handling in cookies has been improved.
Who is affected by CVE-2002-1152?
CVE-2002-1152 affects users of KDE 3.0 to 3.0.2, specifically on browsers using Konqueror.
What can attackers do with CVE-2002-1152?
Attackers can potentially steal sensitive cookies from users by sniffing unencrypted network traffic due to the improper handling of the secure cookie flag.
Is CVE-2002-1152 a local or remote vulnerability?
CVE-2002-1152 is a remote vulnerability, allowing attackers to exploit it without needing physical access to the affected system.
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/description
- agent/remedy
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/kde
- product/kde
- canonical/kde kde
- canonical/kde kde beta 3
- version/kde kde beta 3/3.0
- version/kde kde beta 3/3.0.1
- version/kde kde beta 3/3.0.2