CVE-2013-2074

Published: 05/02/2014 Updated: 25/02/2014
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and previous versions allows malicious users to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.

Vulnerable Product

kde kdelibs

kde kdelibs 4.10.1

kde kdelibs 4.10.2

kde kdelibs 4.10.0

Vendor Advisories

Debian Bug report logs - #707776 kde4libs: CVE-2013-2074: prints passwords contained in HTTP URLs in error messages Package: kde4libs; Maintainer for kde4libs is Debian/Kubuntu Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 11 May 2013 08:33:01 UTC ...
KDE-Libs could be made to expose web credentials ...
kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message ...