KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.
References
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:44
Type | Values Removed | Values Added |
---|---|---|
References | () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747 - | |
References | () http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007300.html - | |
References | () http://marc.info/?l=bugtraq&m=105986238428061&w=2 - | |
References | () http://www.debian.org/security/2003/dsa-361 - | |
References | () http://www.kde.org/info/security/advisory-20030729-1.txt - | |
References | () http://www.mandriva.com/security/advisories?name=MDKSA-2003:079 - | |
References | () http://www.redhat.com/support/errata/RHSA-2003-235.html - Patch, Vendor Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2003-236.html - Patch, Vendor Advisory | |
References | () http://www.turbolinux.com/security/TLSA-2003-45.txt - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A411 - |
Information
Published : 2003-08-27 04:00
Updated : 2024-11-20 23:44
NVD link : CVE-2003-0459
Mitre link : CVE-2003-0459
CVE.ORG link : CVE-2003-0459
JSON object : View
Products Affected
kde
- konqueror
- konqueror_embedded
redhat
- kdebase
- kdelibs_sound
- kdelibs_sound_devel
- kdelibs_devel
- analog_real-time_synthesizer
- kdelibs
CWE