CVE-2003-0459 — Vulnetix

Try Vulnetix Request Demo

CVE-2003-0459 PUBLISHED CVSS 5 MEDIUM

KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.

EPSS 1.53% · 81.2th percentile

Risk Scores

CVSS v2.0

5

EPSS Score

1.53%

81.2th percentile

Affected Products

Vendor	Product	Versions
redhat	kdebase	3.0.3-13, 3.0.3-13
kde	konqueror_embedded	0.1
redhat	kdelibs_sound	2.1.1-5, 2.2-11, 2.2-11
redhat	analog_real-time_synthesizer	2.2-11, 2.2-11, 2.1.1-5
redhat	kdelibs_devel	2.2-11, 2.2-11, 3.0.3-8
redhat	kdelibs	2.1.1-5, 2.2-11, 2.2-11
kde	konqueror	3.1.1, 3.0.3, 3.0.5
n/a	n/a	n/a
redhat	kdelibs_sound_devel	2.2-11, 2.2-11, 2.1.1-5

Timeline

Aug 1, 2003 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Apr 29, 2022 CVE Updated
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

http://www.debian.org/security/2003/dsa-361 url
20030729 KDE Security Advisory: Konqueror Referrer Authentication Leak mailing-list
http://www.kde.org/info/security/advisory-20030729-1.txt url
CLA-2003:747 vendor-advisory
oval:org.mitre.oval:def:411 vdb
20030802 [slackware-security] KDE packages updated (SSA:2003-213-01) mailing-list
RHSA-2003:236 vendor-advisory
RHSA-2003:235 vendor-advisory
TLSA-2003-45 vendor-advisory
MDKSA-2003:079 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2003-0459 advisory

Open in Interactive Console →