Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2003-0459
Last Modified 10 Sep 2008 03:19:03
Published 27 Aug 2003 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0459

Summary

KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.

Vulnerable Systems

Application

  • Kde Konqueror 2.1.1

  • Kde Konqueror 2.2.2

  • Kde Konqueror 3.0

  • Kde Konqueror 3.0.1

  • Kde Konqueror 3.0.2

  • Kde Konqueror 3.0.3

  • Kde Konqueror 3.0.5

  • Kde Konqueror 3.1

  • Kde Konqueror 3.1.1

  • Kde Konqueror 3.1.2

  • Kde Konqueror Embedded 0.1

  • Redhat Analog Real-time Synthesizer 2.1.1-5

  • Redhat Analog Real-time Synthesizer 2.2-11

  • Redhat Kdebase 3.0.3-13

  • Redhat Kdelibs 2.1.1-5

  • Redhat Kdelibs 2.2-11

  • Redhat Kdelibs 3.0.0-10

  • Redhat Kdelibs 3.1-10

  • Redhat Kdelibs Devel 2.1.1-5

  • Redhat Kdelibs Devel 2.2-11

  • Redhat Kdelibs Devel 3.0.0-10

  • Redhat Kdelibs Devel 3.0.3-8

  • Redhat Kdelibs Devel 3.1-10

  • Redhat Kdelibs Sound 2.1.1-5

  • Redhat Kdelibs Sound 2.2-11

  • Redhat Kdelibs Sound Devel 2.1.1-5

  • Redhat Kdelibs Sound Devel 2.2-11


References

REDHAT - RHSA-2003:236

REDHAT - RHSA-2003:235

BUGTRAQ - 20030802 [slackware-security] KDE packages updated (SSA:2003-213-01)

TURBO - TLSA-2003-45

CONFIRM - http://www.kde.org/info/security/advisory-20030729-1.txt

DEBIAN - DSA-361

FULLDISC - 20030729 KDE Security Advisory: Konqueror Referrer Authentication Leak

MANDRAKE - MDKSA-2003:079

CONECTIVA - CLA-2003:747


Last Updated: 27 May 2016 10:37:55