CVE-2003-0459 — Vulnetix

CVE-2003-0459 PUBLISHED CVSS 5 MEDIUM

KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.

EPSS 1.53% · 81.6th percentile

Risk Scores

CVSS 2.0

EPSS Score

1.53%

81.6th percentile

Affected Products

Vendor	Product	Versions
redhat	kdebase	3.0.3-13, 3.0.3-13
kde	konqueror_embedded	0.1
redhat	kdelibs_sound	2.2-11, 2.1.1-5, 2.2-11
redhat	analog_real-time_synthesizer	2.2-11, 2.2-11, 2.1.1-5
redhat	kdelibs_devel	2.1.1-5, 2.2-11, 3.1-10
redhat	kdelibs	3.0.0-10, 2.2-11, 2.2-11
kde	konqueror	2.1.1, 2.2.2, 3.0
n/a	n/a	*
redhat	kdelibs_sound_devel	2.1.1-5, 2.2-11, 2.2-11

Exploit Intelligence

20030729 KDE Security Advisory: Konqueror Referrer Authentication Leak (circl)
http://www.kde.org/info/security/advisory-20030729-1.txt (circl)
CLA-2003:747 (circl)
DSA-361 (circl)
oval:org.mitre.oval:def:411 (circl)
20030802 [slackware-security] KDE packages updated (SSA:2003-213-01) (circl)
RHSA-2003:236 (circl)
RHSA-2003:235 (circl)
TLSA-2003-45 (circl)
MDKSA-2003:079 (circl)

Timeline

Aug 1, 2003 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
Apr 29, 2022 CVE Updated
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 3, 2023 EPSS Score
May 25, 2023 EPSS Score

References

http://www.debian.org/security/2003/dsa-361 url
20030729 KDE Security Advisory: Konqueror Referrer Authentication Leak mailing-list
http://www.kde.org/info/security/advisory-20030729-1.txt url
CLA-2003:747 vendor-advisory
oval:org.mitre.oval:def:411 vdb
20030802 [slackware-security] KDE packages updated (SSA:2003-213-01) mailing-list
RHSA-2003:236 vendor-advisory
RHSA-2003:235 vendor-advisory
TLSA-2003-45 vendor-advisory
MDKSA-2003:079 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2003-0459 advisory

Open in Interactive Console →