First published: Fri Aug 01 2003(Updated: )
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Redhat Kdelibs | =3.0.0-10 | |
KDE Konqueror | =3.1.2 | |
Redhat Kdelibs | =2.2-11 | |
KDE Konqueror | =3.0.2 | |
Redhat Kdelibs Devel | =2.2-11 | |
Redhat Kdelibs Sound Devel | =2.2-11 | |
Redhat Analog Real-time Synthesizer | =2.2-11 | |
KDE Konqueror | =2.2.2 | |
KDE Konqueror | =3.1 | |
KDE Konqueror | =3.0 | |
KDE Konqueror | =3.0.1 | |
Redhat Kdelibs | =3.1-10 | |
Redhat Kdelibs Sound | =2.1.1-5 | |
Redhat Kdelibs Sound | =2.2-11 | |
Redhat Kdebase | =3.0.3-13 | |
Redhat Kdebase | =3.0.3-13 | |
Redhat Kdelibs Devel | =3.0.0-10 | |
Redhat Kdelibs Sound Devel | =2.2-11 | |
KDE Konqueror | =3.0.3 | |
Redhat Analog Real-time Synthesizer | =2.2-11 | |
Redhat Kdelibs Devel | =2.1.1-5 | |
Redhat Kdelibs Devel | =2.2-11 | |
Redhat Kdelibs Sound Devel | =2.1.1-5 | |
KDE Konqueror | =3.1.1 | |
Redhat Kdelibs | =2.1.1-5 | |
Redhat Kdelibs Devel | =3.0.3-8 | |
Redhat Kdelibs Devel | =3.1-10 | |
Kde Konqueror Embedded | =0.1 | |
Redhat Analog Real-time Synthesizer | =2.1.1-5 | |
KDE Konqueror | =3.0.5 | |
Redhat Kdelibs Sound | =2.2-11 | |
KDE Konqueror | =2.1.1 | |
Redhat Kdelibs | =2.2-11 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.