Description
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.
References
- https://nvd.nist.gov/vuln/detail/CVE-2003-0459
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A411
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007300.html
- http://marc.info/?l=bugtraq&m=105986238428061&w=2
- http://www.debian.org/security/2003/dsa-361
- http://www.kde.org/info/security/advisory-20030729-1.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:079
- http://www.redhat.com/support/errata/RHSA-2003-235.html
- http://www.redhat.com/support/errata/RHSA-2003-236.html
- http://www.turbolinux.com/security/TLSA-2003-45.txt
EPSS
CVE ID
Related vulnerabilities
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication ...
A vulnerability in the Red Hat Linux operating system that allows a remote attacker to breach the confidentiality of protected information