Upstream information
Description
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 5 |
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | None |
| Availability Impact | None |
SUSE Security Advisories:
- SuSE-SA:2003:044, published Friday, Oct 31st 2003 13:04 MEST
- SuSE-SA:2003:045, published Mon Nov 10 15:00:00 CET 2003
- SuSE-SA:2003:046, published Tuesday, Nov 18th 2003 14:30 MEST
- SuSE-SA:2003:047, published Friday, Nov 28th 2003 15:30 MEST
- SuSE-SA:2003:049, published Thursday, December 4th 2003 15:30 MET
- SuSE-SA:2003:050, published Thursday, Dec 4th 2003 14:30 MET
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 00:23:02 2013CVE page last modified: Fri Dec 8 16:08:58 2023