CVE-2017-6410
First published: Thu Mar 02 2017(Updated: )
kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| KDE kdelibs | <=4.14.29 | |
| KDE kio | <=5.31 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/description
- agent/event
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/type
- agent/last-modified-date
- agent/remedy
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/kde
- canonical/kde kdelibs
- version/kde kdelibs/4.14.29
- canonical/kde kio
- version/kde kio/5.31