Vulnerability Details CVE-2003-0459
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 80.4%
CVSS Severity
CVSS v2 Score 5.0
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007300.html
- http://marc.info/?l=bugtraq&m=105986238428061&w=2
- http://www.debian.org/security/2003/dsa-361
- http://www.kde.org/info/security/advisory-20030729-1.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:079
- http://www.redhat.com/support/errata/RHSA-2003-235.html
- http://www.redhat.com/support/errata/RHSA-2003-236.html
- http://www.turbolinux.com/security/TLSA-2003-45.txt
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A411
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007300.html
- http://marc.info/?l=bugtraq&m=105986238428061&w=2
- http://www.debian.org/security/2003/dsa-361
- http://www.kde.org/info/security/advisory-20030729-1.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:079
- http://www.redhat.com/support/errata/RHSA-2003-235.html
- http://www.redhat.com/support/errata/RHSA-2003-236.html
- http://www.turbolinux.com/security/TLSA-2003-45.txt
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A411
Products affected by CVE-2003-0459
-
cpe:2.3:a:kde:konqueror:2.1.1
-
cpe:2.3:a:kde:konqueror:2.2.2
-
cpe:2.3:a:kde:konqueror:3.0
-
cpe:2.3:a:kde:konqueror:3.0.1
-
cpe:2.3:a:kde:konqueror:3.0.2
-
cpe:2.3:a:kde:konqueror:3.0.3
-
cpe:2.3:a:kde:konqueror:3.0.5
-
cpe:2.3:a:kde:konqueror:3.1
-
cpe:2.3:a:kde:konqueror:3.1.1
-
cpe:2.3:a:kde:konqueror:3.1.2
-
cpe:2.3:a:kde:konqueror_embedded:0.1
-
cpe:2.3:a:redhat:analog_real-time_synthesizer:2.1.1-5
-
cpe:2.3:a:redhat:analog_real-time_synthesizer:2.2-11
-
cpe:2.3:a:redhat:kdebase:3.0.3-13
-
cpe:2.3:a:redhat:kdelibs:2.1.1-5
-
cpe:2.3:a:redhat:kdelibs:2.2-11
-
cpe:2.3:a:redhat:kdelibs:3.0.0-10
-
cpe:2.3:a:redhat:kdelibs:3.1-10
-
cpe:2.3:a:redhat:kdelibs_devel:2.1.1-5
-
cpe:2.3:a:redhat:kdelibs_devel:2.2-11
-
cpe:2.3:a:redhat:kdelibs_devel:3.0.0-10
-
cpe:2.3:a:redhat:kdelibs_devel:3.0.3-8
-
cpe:2.3:a:redhat:kdelibs_devel:3.1-10
-
cpe:2.3:a:redhat:kdelibs_sound:2.1.1-5
-
cpe:2.3:a:redhat:kdelibs_sound:2.2-11
-
cpe:2.3:a:redhat:kdelibs_sound_devel:2.1.1-5
-
cpe:2.3:a:redhat:kdelibs_sound_devel:2.2-11