CVE-2017-6410
Published 2017-03-02
Priority: P422, medium, 5.5 (CVSS 3.0)
CVSS 3.0 vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS: 0.83% (52.9th percentile)
kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | kio | < kio 5.28.0-2 (bookworm) | kio 5.28.0-2 (bookworm) |
| kde | kdelibs | <= 4.14.29 | — |
| kde | kio | <= 5.31 | — |
| kde | kio | >= 0 < 5.28.0-2 | 5.28.0-2 |
| kde | kio | >= 0 < 5.28.0-2 | 5.28.0-2 |
| kde | kio | >= 0 < 5.28.0-2 | 5.28.0-2 |
| kde | kio | >= 0 < 5.28.0-2 | 5.28.0-2 |
CVSS provenance
nvd v3.0: 5.5 MEDIUM, CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd v2.0: 4.3 MEDIUM, AV:N/AC:M/Au:N/C:P/I:N/A:N
osv: 5.5 MEDIUM
vendor_debian: 5.5 MEDIUM
vendor_redhat: 5.5 MEDIUM
GHSA
GHSA-6qcm-9vg4-jxv8: kpac/script
ghsa_unreviewed·2022-05-13
CVE-2017-6410 [MEDIUM] CWE-319 GHSA-6qcm-9vg4-jxv8: kpac/script
OSV
CVE-2017-6410: kpac/script
osv·2017-03-02·CVSS 5.5
CVE-2017-6410 [MEDIUM] CVE-2017-6410: kpac/script
Ubuntu
KDE-Libs vulnerability
vendor_ubuntu·2017-03-09
CVE-2017-6410 KDE-Libs vulnerability
Title: KDE-Libs vulnerability
Summary: KDE-Libs could be made to expose sensitive information over the network.
Itzik Kotler, Yonatan Fridburg, and Amit Klein discovered that KDE-Libs
incorrectly handled certain PAC files. A remote attacker could possibly use
this issue to obtain sensitive information.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Red Hat
kdelibs: Information Leak when accessing https when using a malicious PAC file
vendor_redhat·2017-02-28·CVSS 5.5
CVE-2017-6410 [MEDIUM] CWE-200 kdelibs: Information Leak when accessing https when using a malicious PAC file
Package: kdelibs (Red Hat Enterprise Linux 5) - Will not fix
Package: kdelibs (Red Hat Enterprise Linux 6) - Will not fix
Package: kdelibs (Red Hat Enterprise Linux 7) - Will not fix
Debian
CVE-2017-6410: kio - kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC ...
vendor_debian·2017·CVSS 5.5
CVE-2017-6410 [MEDIUM] CVE-2017-6410: kio - kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC ...
Scope: local
bookworm: resolved (fixed in 5.28.0-2)
bullseye: resolved (fixed in 5.28.0-2)
forky: resolved (fixed in 5.28.0-2)
sid: resolved (fixed in 5.28.0-2)
trixie: resolved (fixed in 5.28.0-2)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-14744 kdelibs3: kdelibs: malicious desktop files and configuration files lead to code execution with minimal user interaction [epel-7]
bugzilla·2019-08-12·CVSS 7.8
CVE-2019-14744 [HIGH] CVE-2019-14744 kdelibs3: kdelibs: malicious desktop files and configuration files lead to code execution with minimal user interaction [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit
Bugzilla
CVE-2017-6410 kdelibs: kf5-kio, kdelibs: Information Leak when accessing https when using a malicious PAC file [fedora-all]
bugzilla·2017-03-01·CVSS 5.5
CVE-2017-6410 [MEDIUM] CVE-2017-6410 kdelibs: kf5-kio, kdelibs: Information Leak when accessing https when using a malicious PAC file [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
Bugzilla
CVE-2017-6410 kf5-kio: kf5-kio, kdelibs: Information Leak when accessing https when using a malicious PAC file [fedora-all]
bugzilla·2017-03-01·CVSS 5.5
CVE-2017-6410 [MEDIUM] CVE-2017-6410 kf5-kio: kf5-kio, kdelibs: Information Leak when accessing https when using a malicious PAC file [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
Bugzilla
CVE-2017-6410 kf5-kio, kdelibs: Information Leak when accessing https when using a malicious PAC file
bugzilla·2017-03-01·CVSS 5.5
CVE-2017-6410 [MEDIUM] CVE-2017-6410 kf5-kio, kdelibs: Information Leak when accessing https when using a malicious PAC file
Using a malicious PAC file, and then using exfiltration methods in the PAC
function FindProxyForURL() enables the attacker to expose full https URLs.
This is a security issue since https URLs may contain sensitive
information in the URL authentication part (user:password@host), and in the
path and the query (e.g. access tokens).
This attack can be carried out remotely (over the LAN) since proxy settings
allow “Detect Proxy Configuration Automatically”.
This setting uses WPAD to retrieve the PAC file, and an attacker who has access
to the victim’s LAN can interfere with the WPAD protocols (DHCP/DNS+HTTP)
and inject his/her own malicious PAC instead of the legitimate one.
External Refere
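The issue described above comes down to what the PAC host hands to `FindProxyForURL`. As an added illustration (not KDE's patch and not code from this page), the sketch below reduces an https URL to scheme, host and port before the script sees it; `sanitizeUrlForPac`, `callPac` and the sample URL are hypothetical names and constructed data.

```javascript
// Added example: limit what an untrusted PAC script can observe.
// sanitizeUrlForPac and callPac are hypothetical helpers, not KDE APIs.

function sanitizeUrlForPac(rawUrl) {
  const u = new URL(rawUrl);
  // Credentials and fragments are never needed for a proxy decision.
  u.username = "";
  u.password = "";
  u.hash = "";
  if (u.protocol === "https:") {
    // For https keep only scheme://host[:port]/ so that path segments
    // (PATH_INFO) and query strings (e.g. access tokens) stay private.
    u.pathname = "/";
    u.search = "";
  }
  // Design choice in this sketch: plain http keeps path and query,
  // since those are already visible on the wire.
  return u.href;
}

// Call the PAC entry point with the reduced URL and its host name.
function callPac(findProxyForURL, rawUrl) {
  const safe = sanitizeUrlForPac(rawUrl);
  return findProxyForURL(safe, new URL(safe).hostname);
}

// Constructed stand-in for a PAC file: it only records its arguments,
// which shows exactly what any PAC script would be given.
const seenByPac = [];
function FindProxyForURL(url, host) {
  seenByPac.push({ url, host });
  return "DIRECT";
}

// Constructed sample URL with credentials, PATH_INFO and a query token.
const SAMPLE =
  "https://alice:s3cret@intranet.example:8443/reset/abc123?token=XYZ#frag";

function demo() {
  seenByPac.length = 0;
  const decision = callPac(FindProxyForURL, SAMPLE);
  return { decision, seen: seenByPac[0] };
}

console.log(demo());
```

The same reduction is a useful regression check when auditing any PAC host: feed it a URL like the sample and confirm the script never receives the user, password, path or query.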
Bugzilla
CVE-2017-6410 kf5-kio: kf5-kio, kdelibs: Information Leak when accessing https when using a malicious PAC file [epel-7]
bugzilla·2017-03-01·CVSS 5.5
CVE-2017-6410 [MEDIUM] CVE-2017-6410 kf5-kio: kf5-kio, kdelibs: Information Leak when accessing https when using a malicious PAC file [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
Discussion:
U