PT-2002-1055 · Kde+2 · Kdelibs+24
Published: 2002-10-11 · Updated: 2016-10-18 · CVE-2002-1152
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
kde-i18n-Catalan version 3.0.3
kde-i18n-Danish version 3.0.3
kde-i18n-Czech version 3.0.3
kde-i18n-Chinese-Big5 version 3.0.3
kde-i18n-3.0.3 version 3.0.3
kde-i18n-British version 3.0.3
kde-i18n-Brazil version 3.0.3
kde-i18n-Afrikaans version 3.0.3
kde-i18n-Chinese version 3.0.3
kdelibs version 2.2.2
kdelibs-devel version 2.2.2
kdelibs-sound version 2.2.2
kdelibs-sound-devel version 2.2.2
kdegraphics version 2.2.2
kdegraphics-devel version 2.2.2
kdegraphics version 3.0.3
kdemultimedia version 3.0.3
kdeadmin version 3.0.3
kdevelop version 2.1.3
kdesdk version 3.0.3
kdeutils version 3.0.3
kdeartwork version 3.0.3
kdepim version 3.0.3
kdenetwork version 2.2.2
kdenetwork-ppp version 2.2.2
kdenetwork version 3.0.3
kdebindings version 3.0.3
kaboodle version 3.0.3
kamera version 3.0.3
karm version 3.0.3
kcharselect version 3.0.3
kcoloredit version 3.0.3
qt version 3.0.5
KDE versions 3.0 through 3.0.2
Description
The issue affects various packages of the Red Hat Linux operating system, including kde-i18n, kdelibs, kdegraphics, kdemultimedia, kdeadmin, kdevelop, kdesdk, kdeutils, kdeartwork, kdepim, kdenetwork, kdebindings, kaboodle, kamera, karm, kcharselect, kcoloredit, and qt. The vulnerabilities can lead to a breach of confidentiality, integrity, and availability of protected information. Exploitation can be done remotely. Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel.
Recommendations
As a temporary workaround, consider disabling the vulnerable components until a patch is available.
Restrict access to the vulnerable modules to minimize the risk of exploitation.
Avoid using sensitive information in the affected API endpoints until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Affected Products
Konqueror
Red Hat
Kaboodle
Kamera
Karm
Kcharselect
Kcoloredit
Kde-I18N
Kdeadmin
Kdeartwork
Kdebindings
Kdegraphics
Kdegraphics-Devel
Kdelibs
Kdelibs-Devel
Kdelibs-Sound
Kdelibs-Sound-Devel
Kdemultimedia
Kdenetwork
Kdenetwork-Ppp
Kdepim
Kdesdk
Kdeutils
Kdevelop
Qt