Vulnerability CVE-2003-0459


Published: 2003-08-27   Modified: 2012-02-12

Description:
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.

Vendor: KDE
Product: Konqueror
Version: 3.1.2; 3.1.1; 3.1; 3.0.5; 3.0.3; 3.0.2; 3.0.1; 3.0; 2.2.2; 2.1.1;
Product: Konqueror embedded
Version: 0.1;

Vendor: Redhat
Product: Kdelibs devel
Version: 3.1-10; 3.0.3-8; 3.0.0-10; 2.2-11; 2.1.1-5;
Product: Kdelibs
Version: 3.1-10; 3.0.0-10; 2.2-11; 2.1.1-5;
Product: Kdebase
Version: 3.0.3-13;
Product: Analog real-time synthesizer
Version: 2.2-11; 2.1.1-5;
Product: Kdelibs sound
Version: 2.2-11; 2.1.1-5;
Product: Kdelibs sound devel
Version: 2.2-11; 2.1.1-5;

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

 References:
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007300.html
http://marc.info/?l=bugtraq&m=105986238428061&w=2
http://www.debian.org/security/2003/dsa-361
http://www.kde.org/info/security/advisory-20030729-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2003:079
http://www.redhat.com/support/errata/RHSA-2003-235.html
http://www.redhat.com/support/errata/RHSA-2003-236.html
http://www.turbolinux.com/security/TLSA-2003-45.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A411


Copyright 2018, cxsecurity.com

 
