Vulnerability Database

CVE-2003-0459

KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.

  • Published: Aug 27, 2003
  • Updated: Apr 13, 2023
  • CVE: CVE-2003-0459
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Software                                 From        Fixed in
redhat / kdelibs                         3.0.0-10    3.0.0-10.x
kde / konqueror                          3.1.2       3.1.2.x
redhat / kdelibs                         2.2-11      2.2-11.x
kde / konqueror                          3.0.2       3.0.2.x
redhat / kdelibs_devel                   2.2-11      2.2-11.x
redhat / kdelibs_sound_devel             2.2-11      2.2-11.x
redhat / analog_real-time_synthesizer    2.2-11      2.2-11.x
kde / konqueror                          2.2.2       2.2.2.x
kde / konqueror                          3.1         3.1.x
kde / konqueror                          3.0         3.0.x
kde / konqueror                          3.0.1       3.0.1.x
redhat / kdelibs                         3.1-10      3.1-10.x
redhat / kdelibs_sound                   2.1.1-5     2.1.1-5.x
redhat / kdelibs_sound                   2.2-11      2.2-11.x
redhat / kdebase                         3.0.3-13    3.0.3-13.x
redhat / kdelibs_devel                   3.0.0-10    3.0.0-10.x
kde / konqueror                          3.0.3       3.0.3.x
redhat / kdelibs_devel                   2.1.1-5     2.1.1-5.x
redhat / kdelibs_sound_devel             2.1.1-5     2.1.1-5.x
kde / konqueror                          3.1.1       3.1.1.x
redhat / kdelibs                         2.1.1-5     2.1.1-5.x
redhat / kdelibs_devel                   3.0.3-8     3.0.3-8.x
redhat / kdelibs_devel                   3.1-10      3.1-10.x
kde / konqueror_embedded                 0.1         0.1.x
redhat / analog_real-time_synthesizer    2.1.1-5     2.1.1-5.x
kde / konqueror                          3.0.5       3.0.5.x
kde / konqueror                          2.1.1       2.1.1.x