Описание
kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| kde4libs | fixed | 4:4.10.5-1 | package | |
| kde4libs | no-dsa | squeeze | package |
Примечания
https://bugs.kde.org/show_bug.cgi?id=319428
https://github.com/KDE/kdelibs/commit/65d736dab592bced4410ccfa4699de89f78c96ca
https://github.com/KDE/kdelibs/commit/898135a59d91184692ed1bcee8bb4c6d80d6f7b9
EPSS
Связанные уязвимости
kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.
kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.
kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.
kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.
Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность защищаемой информации
EPSS