| Definition Id: oval:org.mitre.oval:def:411 |
Version: 2
Last Modified: 2007-04-10
|
| Title: |
KDE Konqueror Userid/Password Disclosure Vulnerability |
| Description: |
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites. |
| Family: |
unix |
Class: |
vulnerability |
| Status: |
ACCEPTED |
Reference(s): |
CVE-2003-0459
|
| Platform(s): |
Red Hat Linux 9 |
Product(s): |
Konqueror |
| Definition Synopsis: |
- Software section
- AND Configuration section
- /usr/bin/konqueror is executable
|
