Redhat Kdebase vulnerabilities

CVE-2003-0459 [MEDIUM] CVE-2003-0459: KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.

CVE-2003-0548 [MEDIUM] CVE-2003-0548: The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to ca The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.

CVE-2003-0549 [MEDIUM] CVE-2003-0549: The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to ca The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.

CVE-2003-0547 [LOW] CVE-2003-0547: GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbi GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.