{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-06-17T00:00:00", "descriptions": [{"lang": "en", "value": "kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-03-25T12:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "openSUSE-SU-2015:0573", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"}, {"name": "68113", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/68113"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=bbae87dc1be3ae063796a582774bd5642cacdd5d&hp=1ccdb43ed3b32a7798eec6d39bb3c83a6e40228f"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kde.org/info/security/advisory-20140618-1.txt"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:43:06.151Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2015:0573", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"}, {"name": "68113", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/68113"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=bbae87dc1be3ae063796a582774bd5642cacdd5d&hp=1ccdb43ed3b32a7798eec6d39bb3c83a6e40228f"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kde.org/info/security/advisory-20140618-1.txt"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-3494", "datePublished": "2014-07-01T16:00:00", "dateReserved": "2014-05-14T00:00:00", "dateUpdated": "2024-08-06T10:43:06.151Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kde:kdelibs:4.10.97:*:*:*:*:*:*:*", "matchCriteriaId": "B34C3204-4A63-4490-ABED-AF83CE3F37E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "39EAE85E-BF52-45EA-82D8-BBBC0DE9759C", "vulnerable": true}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "4B4D1998-D62F-4D0E-8E6C-33D4760BE69D", "vulnerable": true}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "13CD2D8F-32F6-4AC4-B43C-506724EA6E38", "vulnerable": true}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "4733C600-C5D6-4A5D-A1DF-1F41597F6926", "vulnerable": true}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "BC7EBD3A-EDFC-4B8F-9095-5E0670AF991E", "vulnerable": true}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "55EC512F-3F86-40DA-AA7B-034DA9B5DBA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.11.80:*:*:*:*:*:*:*", "matchCriteriaId": "08FF236F-A7D5-4D08-8885-BD1889B0D398", "vulnerable": true}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.11.90:*:*:*:*:*:*:*", "matchCriteriaId": "5F5EDED4-34A3-4D2B-A9E7-D980D78E10EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.11.95:*:*:*:*:*:*:*", "matchCriteriaId": "46457BB9-BD24-4437-AFDA-01D25E52410E", "vulnerable": true}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.11.97:*:*:*:*:*:*:*", "matchCriteriaId": "52A2D11C-26D2-47F1-9D34-60DB3116C39E", "vulnerable": true}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "A58204C3-0DEC-462B-A6B8-5EC1D9B65729", "vulnerable": true}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "C767A89D-BA45-4730-BA2D-AAC2BA7436E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "9A5FC4CC-DC0C-44D8-AAF6-A15CF7E6BD5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "24629660-4066-4362-AD77-080604488303", "vulnerable": true}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "718095EE-ADEC-4E28-B678-DA3D636BBE32", "vulnerable": true}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "EA3E3729-298F-43C3-9BE0-82072FE47F9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.12.80:*:*:*:*:*:*:*", "matchCriteriaId": "B6FC3277-8410-437F-813A-63254E983A5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.12.90:*:*:*:*:*:*:*", "matchCriteriaId": "88E2B874-46DF-4A95-9541-14CF70E2A73D", "vulnerable": true}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.12.95:*:*:*:*:*:*:*", "matchCriteriaId": "1A593BA6-D3B2-48EE-AC9E-B84967D03B37", "vulnerable": true}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.12.97:*:*:*:*:*:*:*", "matchCriteriaId": "14034B30-9DE0-43EE-A79D-D4FC624D6C86", "vulnerable": true}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "2A34BC1E-102D-43EF-A7BD-46E9866B07ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:kde:kdelibs:4.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "90E66075-D997-4C6D-94AA-DE224B12BB2D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate."}, {"lang": "es", "value": "kio/usernotificationhandler.cpp en POP3 kioslave en kdelibs 4.10.95 anterior a 4.13.3 no genera debidamente notificaciones de aviso, lo que permite a atacantes man-in-the-middle obtener informaci\u00f3n sensible a trav\u00e9s de un certificado inv\u00e1lido."}], "id": "CVE-2014-3494", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-07-01T16:55:02.980", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Patch"], "url": "http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=bbae87dc1be3ae063796a582774bd5642cacdd5d&hp=1ccdb43ed3b32a7798eec6d39bb3c83a6e40228f"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.kde.org/info/security/advisory-20140618-1.txt"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/68113"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00068.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=bbae87dc1be3ae063796a582774bd5642cacdd5d&hp=1ccdb43ed3b32a7798eec6d39bb3c83a6e40228f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.kde.org/info/security/advisory-20140618-1.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/68113"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kdelibs: POP3 kioslave silently accepted invalid SSL certificates", "id": "1111022", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1111022"}, "csaw": false, "cvss": {"cvss_base_score": "5.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "status": "draft"}, "cwe": "CWE-295", "details": ["kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate."], "name": "CVE-2014-3494", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "kdelibs", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kdelibs", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kdelibs3", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kdelibs", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2014-06-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-3494\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-3494"], "threat_severity": "Moderate"}