Vulnerability in KDE Konqueror
CVE-2003-0459
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to th…
EPSS: 0.029 (85.1th percentile)
Affected products
- KDE Konqueror — versions 2.1.1, 2.2.2, 3.0
- KDE Konqueror_embedded — versions 0.1
- Redhat Analog_real-time_synthesizer — versions 2.1.1-5, 2.2-11
- Redhat Kdebase — versions 3.0.3-13
- Redhat Kdelibs — versions 2.1.1-5, 2.2-11, 3.0.0-10
- Redhat Kdelibs_devel — versions 2.1.1-5, 2.2-11, 3.0.0-10
- Redhat Kdelibs_sound — versions 2.1.1-5, 2.2-11
- Redhat Kdelibs_sound_devel — versions 2.1.1-5, 2.2-11