CVE-2013-2074

CWE-200 — Information Exposure8 documents7 sources

Severity

5.0MEDIUM

EPSS

1.5%

top 19.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

KDE Kdelibs

Timeline

PublishedFeb 5

Latest updateMay 17

Description

kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDkde/kdelibs4.10.3+3

▶Debiankde4libs< 4:4.10.5-1

🔴Vulnerability Details

GHSA

GHSA-wf2x-h8g9-42vj: kioslave/http/http↗2022-05-17

▶

OSV

CVE-2013-2074: kioslave/http/http↗2014-02-05

▶

CVEList

CVE-2013-2074: kioslave/http/http↗2014-02-05

▶

📋Vendor Advisories

Ubuntu

KDE-Libs vulnerability↗2013-05-29

▶

Red Hat

kdelibs: prints passwords contained in HTTP URLs in error messages↗2013-05-06

▶

💬Community

Bugzilla

CVE-2013-2241 gallery3: Multiple information exposure flaws in data rest core module↗2013-07-04

▶

Bugzilla

CVE-2013-2074 kdelibs: prints passwords contained in HTTP URLs in error messages↗2013-05-10

▶