CVE-2003-0459

5 documents5 sources

Severity

5.0MEDIUM

EPSS

1.5%

top 18.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

KDE Konqueror KDE Konqueror Embedded Redhat Analog Real-time Synthesizer +5 more

Timeline

PublishedAug 27

Latest updateApr 29

Description

KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages8 packages

▶NVDkde/konqueror10 versions+9

▶NVDkde/konqueror_embedded0.1

▶NVDredhat/kdebase3.0.3-13

▶NVDredhat/kdelibs4 versions+3

▶NVDredhat/kdelibs_devel5 versions+4

Patches

Patch: www.redhat.com ↗Patch: www.redhat.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-pfc7-m6xf-fmg6: KDE Konqueror for KDE 3↗2022-04-29

▶

CVEList

CVE-2003-0459: KDE Konqueror for KDE 3↗2003-08-01

▶

📋Vendor Advisories

Red Hat

security flaw↗2003-07-29

▶

💬Community

Bugzilla

CVE-2003-0459 security flaw↗2018-08-16

▶