KDE Konqueror for KDE 3.1.2 and previous versions does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
kde konqueror 3.0 |
||
kde konqueror 3.0.1 |
||
kde konqueror embedded 0.1 |
||
redhat analog real-time synthesizer 2.1.1-5 |
||
redhat kdelibs 3.0.0-10 |
||
redhat kdelibs 3.1-10 |
||
redhat kdelibs sound 2.1.1-5 |
||
redhat kdelibs sound 2.2-11 |
||
kde konqueror 3.0.5 |
||
kde konqueror 3.1 |
||
redhat kdebase 3.0.3-13 |
||
redhat kdelibs devel 2.2-11 |
||
redhat kdelibs devel 3.0.0-10 |
||
redhat kdelibs sound devel 2.2-11 |
||
kde konqueror 3.0.2 |
||
kde konqueror 3.0.3 |
||
redhat analog real-time synthesizer 2.2-11 |
||
redhat kdelibs devel 2.1.1-5 |
||
redhat kdelibs sound devel 2.1.1-5 |
||
kde konqueror 2.1.1 |
||
kde konqueror 2.2.2 |
||
kde konqueror 3.1.1 |
||
kde konqueror 3.1.2 |
||
redhat kdelibs 2.1.1-5 |
||
redhat kdelibs 2.2-11 |
||
redhat kdelibs devel 3.0.3-8 |
||
redhat kdelibs devel 3.1-10 |
Vulmon