CVE-2003-0459 in KDEinfo

Summary

KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

06/26/2003

Disclosure

08/27/2003

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
20741	KDE Konqueror Password information disclosure	200	Not defined	Not defined	CVE-2003-0459
204	KDE Konqueror Referer information disclosure		Proof-of-Concept	Official fix	CVE-2003-0459

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Do you know our Splunk app?

Download it now for free!