Vulnerability CVE-2007-3820


Published: 2007-07-16   Modified: 2012-02-12

Description:
konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Opera/Konqueror: data: URL scheme address bar spoofing
Robert Swiecki
21.07.2007

Type:

CWE-Other

CVSS2 => (AV:N/AC:H/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.6/10
2.9/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
KDE -> Konqueror 

 References:
http://securityreason.com/securityalert/2905
http://www.kde.org/info/security/advisory-20070816-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2007:176
http://www.redhat.com/support/errata/RHSA-2007-0905.html
http://www.redhat.com/support/errata/RHSA-2007-0909.html
http://www.securityfocus.com/archive/1/473703/100/0/threaded
http://www.securityfocus.com/archive/1/473712/100/0/threaded
http://www.securityfocus.com/bid/24912
http://www.securityfocus.com/bid/24918
http://www.securitytracker.com/id?1018396
http://www.ubuntu.com/usn/usn-502-1
http://www.vupen.com/english/advisories/2007/2538
https://exchange.xforce.ibmcloud.com/vulnerabilities/35430
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10345
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00085.html

Copyright 2024, cxsecurity.com

 

Back to Top