Vulnerabilities > CVE-2003-0459
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.
Vulnerable Configurations
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2003-236.NASL description This erratum provides updated KDE packages that resolve a security issue in Konquerer. KDE is a graphical desktop environment for the X Window System. Konqueror is the file manager for the K Desktop Environment. George Staikos reported that Konqueror may inadvertently send authentication credentials to websites other than the intended website in clear text via the HTTP-referer header. This can occur when authentication credentials are passed as part of a URL in the form http://user:password@host/ Users of Konqueror are advised to upgrade to these erratum packages, which contain a backported security patch correcting this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 12409 published 2004-07-06 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/12409 title RHEL 2.1 : kdelibs (RHSA-2003:236) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2003:236. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(12409); script_version ("1.25"); script_cvs_date("Date: 2019/10/25 13:36:10"); script_cve_id("CVE-2003-0459"); script_xref(name:"RHSA", value:"2003:236"); script_name(english:"RHEL 2.1 : kdelibs (RHSA-2003:236)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This erratum provides updated KDE packages that resolve a security issue in Konquerer. KDE is a graphical desktop environment for the X Window System. Konqueror is the file manager for the K Desktop Environment. George Staikos reported that Konqueror may inadvertently send authentication credentials to websites other than the intended website in clear text via the HTTP-referer header. This can occur when authentication credentials are passed as part of a URL in the form http://user:password@host/ Users of Konqueror are advised to upgrade to these erratum packages, which contain a backported security patch correcting this issue." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2003-0459" ); # http://www.kde.org/info/security/advisory-20030729-1.txt script_set_attribute( attribute:"see_also", value:"https://www.kde.org/info/security/advisory-20030729-1.txt" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2003:236" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:arts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdelibs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdelibs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdelibs-sound"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdelibs-sound-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2003/08/27"); script_set_attribute(attribute:"patch_publication_date", value:"2003/07/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2003:236"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"arts-2.2.2-9")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdelibs-2.2.2-9")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdelibs-devel-2.2.2-9")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdelibs-sound-2.2.2-9")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"kdelibs-sound-devel-2.2.2-9")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "arts / kdelibs / kdelibs-devel / kdelibs-sound / etc"); } }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-361.NASL description Two vulnerabilities were discovered in kdelibs : - CAN-2003-0459: KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the last seen 2020-06-01 modified 2020-06-02 plugin id 15198 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15198 title Debian DSA-361-2 : kdelibs, kdelibs-crypto - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-361. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(15198); script_version("1.23"); script_cvs_date("Date: 2019/08/02 13:32:17"); script_cve_id("CVE-2003-0370", "CVE-2003-0459"); script_bugtraq_id(7520, 8297); script_xref(name:"DSA", value:"361"); script_name(english:"Debian DSA-361-2 : kdelibs, kdelibs-crypto - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Two vulnerabilities were discovered in kdelibs : - CAN-2003-0459: KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the 'user:password@host' form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites. - CAN-2003-0370: Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack. These vulnerabilities are described in the following security advisories from KDE : - -" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2003/dsa-361" ); script_set_attribute( attribute:"solution", value: "For the current stable distribution (woody) these problems have been fixed in version 2.2.2-13.woody.8 of kdelibs and 2.2.2-6woody2 of kdelibs-crypto. We recommend that you update your kdelibs and kdelibs-crypto packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kdelibs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kdelibs-crypto"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.0", prefix:"kdelibs-dev", reference:"2.2.2-13.woody.8")) flag++; if (deb_check(release:"3.0", prefix:"kdelibs3", reference:"2.2.2-13.woody.8")) flag++; if (deb_check(release:"3.0", prefix:"kdelibs3-bin", reference:"2.2.2-13.woody.8")) flag++; if (deb_check(release:"3.0", prefix:"kdelibs3-crypto", reference:"2.2.2-6woody2")) flag++; if (deb_check(release:"3.0", prefix:"kdelibs3-cups", reference:"2.2.2-13.woody.8")) flag++; if (deb_check(release:"3.0", prefix:"kdelibs3-doc", reference:"2.2.2-13.woody.8")) flag++; if (deb_check(release:"3.0", prefix:"libarts", reference:"2.2.2-13.woody.8")) flag++; if (deb_check(release:"3.0", prefix:"libarts-alsa", reference:"2.2.2-13.woody.8")) flag++; if (deb_check(release:"3.0", prefix:"libarts-dev", reference:"2.2.2-13.woody.8")) flag++; if (deb_check(release:"3.0", prefix:"libkmid", reference:"2.2.2-13.woody.8")) flag++; if (deb_check(release:"3.0", prefix:"libkmid-alsa", reference:"2.2.2-13.woody.8")) flag++; if (deb_check(release:"3.0", prefix:"libkmid-dev", reference:"2.2.2-13.woody.8")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2003-079.NASL description A vulnerability in Konqueror was discovered where it could inadvertently send authentication credentials to websites other than the intended site in clear text via the HTTP-referer header when authentication credentials are passed as part of a URL in the form http://user:password@host/. The provided packages have a patch that corrects this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 14062 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14062 title Mandrake Linux Security Advisory : kdelibs (MDKSA-2003:079) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2003:079. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(14062); script_version ("1.17"); script_cvs_date("Date: 2019/08/02 13:32:46"); script_cve_id("CVE-2003-0459"); script_xref(name:"MDKSA", value:"2003:079"); script_name(english:"Mandrake Linux Security Advisory : kdelibs (MDKSA-2003:079)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A vulnerability in Konqueror was discovered where it could inadvertently send authentication credentials to websites other than the intended site in clear text via the HTTP-referer header when authentication credentials are passed as part of a URL in the form http://user:password@host/. The provided packages have a patch that corrects this issue." ); script_set_attribute( attribute:"see_also", value:"http://www.kde.org/info/security/advisory-20030729-1.txt" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdelibs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdelibs-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdelibs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdelibs-static-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1"); script_set_attribute(attribute:"patch_publication_date", value:"2003/07/31"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"kdelibs-3.0.5a-1.3mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.0", cpu:"i386", reference:"kdelibs-devel-3.0.5a-1.3mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"kdelibs-3.1-58.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"kdelibs-common-3.1-58.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"kdelibs-devel-3.1-58.2mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"kdelibs-static-devel-3.1-58.2mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
Oval
| accepted | 2007-04-25T19:52:29.267-04:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| description | KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites. | ||||||||
| family | unix | ||||||||
| id | oval:org.mitre.oval:def:411 | ||||||||
| status | accepted | ||||||||
| submitted | 2003-09-04T12:00:00.000-04:00 | ||||||||
| title | KDE Konqueror Userid/Password Disclosure Vulnerability | ||||||||
| version | 38 |
Redhat
| advisories |
|
References
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007300.html
- http://marc.info/?l=bugtraq&m=105986238428061&w=2
- http://www.debian.org/security/2003/dsa-361
- http://www.kde.org/info/security/advisory-20030729-1.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2003:079
- http://www.redhat.com/support/errata/RHSA-2003-235.html
- http://www.redhat.com/support/errata/RHSA-2003-236.html
- http://www.turbolinux.com/security/TLSA-2003-45.txt
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A411