CVE-2003-0459

EPSS 1.53%
Veröffentlicht 27.08.2003 04:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Kde ≫ Konqueror Version2.1.1

Kde ≫ Konqueror Version2.2.2

Kde ≫ Konqueror Version3.0

Kde ≫ Konqueror Version3.0.1

Kde ≫ Konqueror Version3.0.2

Kde ≫ Konqueror Version3.0.3

Kde ≫ Konqueror Version3.0.5

Kde ≫ Konqueror Version3.1

Kde ≫ Konqueror Version3.1.1

Kde ≫ Konqueror Version3.1.2

Kde ≫ Konqueror Embedded Version0.1

Redhat ≫ Analog Real-time Synthesizer Version2.1.1-5 Editioni386

Redhat ≫ Analog Real-time Synthesizer Version2.2-11 Editioni386

Redhat ≫ Analog Real-time Synthesizer Version2.2-11 Editionia64

Redhat ≫ Kdebase Version3.0.3-13 Editioni386

Redhat ≫ Kdebase Version3.0.3-13 Editioni386_dev

Redhat ≫ Kdelibs Version2.1.1-5 Editioni386

Redhat ≫ Kdelibs Version2.2-11 Editioni386

Redhat ≫ Kdelibs Version2.2-11 Editionia64

Redhat ≫ Kdelibs Version3.0.0-10 Editioni386

Redhat ≫ Kdelibs Version3.1-10 Editioni386

Redhat ≫ Kdelibs Devel Version2.1.1-5 Editioni386_dev

Redhat ≫ Kdelibs Devel Version2.2-11 Editioni386_dev

Redhat ≫ Kdelibs Devel Version2.2-11 Editionia64_dev

Redhat ≫ Kdelibs Devel Version3.0.0-10 Editioni386_dev

Redhat ≫ Kdelibs Devel Version3.0.3-8 Editioni386_dev

Redhat ≫ Kdelibs Devel Version3.1-10 Editioni386_dev

Redhat ≫ Kdelibs Sound Version2.1.1-5 Editioni386_sound

Redhat ≫ Kdelibs Sound Version2.2-11 Editioni386_sound

Redhat ≫ Kdelibs Sound Version2.2-11 Editionia64_sound

Redhat ≫ Kdelibs Sound Devel Version2.1.1-5 Editioni386_sound_dev

Redhat ≫ Kdelibs Sound Devel Version2.2-11 Editioni386_sound_dev

Redhat ≫ Kdelibs Sound Devel Version2.2-11 Editionia64_sound_dev

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.53%	0.797

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747

http://www.debian.org/security/2003/dsa-361

http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007300.html

http://marc.info/?l=bugtraq&m=105986238428061&w=2

http://www.kde.org/info/security/advisory-20030729-1.txt

http://www.mandriva.com/security/advisories?name=MDKSA-2003:079

http://www.redhat.com/support/errata/RHSA-2003-235.html

Patch

Vendor Advisory

http://www.redhat.com/support/errata/RHSA-2003-236.html

Patch

Vendor Advisory

http://www.turbolinux.com/security/TLSA-2003-45.txt

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A411

https://nvd.nist.gov/vuln/detail/CVE-2003-0459

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2003-0459

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2003-0459

EUVD