Vulnerability CVE-2003-0459


Published: 2003-08-27   Modified: 2012-02-12

Description:
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.

Vendor: KDE
Product: Konqueror 
Version:
3.1.2
3.1.1
3.1
3.0.5
3.0.3
3.0.2
3.0.1
3.0
2.2.2
2.1.1
Product: Konqueror embedded 
Version: 0.1;
Vendor: Redhat
Product: Kdelibs devel 
Version:
3.1-10
3.0.3-8
3.0.0-10
2.2-11
2.1.1-5
Product: Kdelibs 
Version:
3.1-10
3.0.0-10
2.2-11
2.1.1-5
Product: Kdebase 
Version: 3.0.3-13;
Product: Analog real-time synthesizer 
Version: 2.2-11; 2.1.1-5;
Product: Kdelibs sound 
Version: 2.2-11; 2.1.1-5;
Product: Kdelibs sound devel 
Version: 2.2-11; 2.1.1-5;

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007300.html
http://marc.info/?l=bugtraq&m=105986238428061&w=2
http://www.debian.org/security/2003/dsa-361
http://www.kde.org/info/security/advisory-20030729-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2003:079
http://www.redhat.com/support/errata/RHSA-2003-235.html
http://www.redhat.com/support/errata/RHSA-2003-236.html
http://www.turbolinux.com/security/TLSA-2003-45.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A411

Related CVE
CVE-2018-2815
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Serialization). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploi...
CVE-2018-2814
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161. Difficult to exploit vulnerability allows unaut...
CVE-2018-2811
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Install). Supported versions that are affected are Java SE: 8u162 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure wher...
CVE-2018-2800
Vulnerability in the Java SE, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker wit...
CVE-2018-2799
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vulnerabil...
CVE-2018-2798
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vuln...
CVE-2018-2797
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JMX). Supported versions that are affected are Java SE: 6u181, 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vuln...
CVE-2018-2796
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Concurrency). Supported versions that are affected are Java SE: 7u171, 8u162 and 10; Java SE Embedded: 8u161; JRockit: R28.3.17. Easily exploitable vul...

Copyright 2018, cxsecurity.com

 

Back to Top