CVE-2003-0459

Published: Aug 27, 2003Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.

Affected (33)

Products: Kde: Konqueror, Konqueror Embedded · Redhat: Analog Real Time Synthesizer, Kdebase, Kdelibs, Kdelibs Devel, Kdelibs Sound, Kdelibs Sound Devel

2 products

6 products

Analog Real Time Synthesizer

Configuration A

33 vulnerable

Vulnerable Software	Affected Versions
Kde Konqueror	Version 2.1.1
Kde Konqueror	Version 2.2.2
Kde Konqueror	Version 3.0.1
Kde Konqueror	Version 3.0.2
Kde Konqueror	Version 3.0.3
Kde Konqueror	Version 3.0.5
Kde Konqueror	Version 3.0
Kde Konqueror	Version 3.1.1
Kde Konqueror	Version 3.1.2
Kde Konqueror	Version 3.1
Kde Konqueror Embedded	Version 0.1
Redhat Analog Real Time Synthesizer	Version 2.1.1-5
Redhat Analog Real Time Synthesizer	Version 2.2-11
Redhat Analog Real Time Synthesizer	Version 2.2-11
Redhat Kdebase	Version 3.0.3-13
Redhat Kdebase	Version 3.0.3-13
Redhat Kdelibs	Version 2.1.1-5
Redhat Kdelibs	Version 2.2-11
Redhat Kdelibs	Version 2.2-11
Redhat Kdelibs	Version 3.0.0-10
Redhat Kdelibs	Version 3.1-10
Redhat Kdelibs Devel	Version 2.1.1-5
Redhat Kdelibs Devel	Version 2.2-11
Redhat Kdelibs Devel	Version 2.2-11
Redhat Kdelibs Devel	Version 3.0.0-10
Redhat Kdelibs Devel	Version 3.0.3-8
Redhat Kdelibs Devel	Version 3.1-10
Redhat Kdelibs Sound	Version 2.1.1-5
Redhat Kdelibs Sound	Version 2.2-11
Redhat Kdelibs Sound	Version 2.2-11
Redhat Kdelibs Sound Devel	Version 2.1.1-5
Redhat Kdelibs Sound Devel	Version 2.2-11
Redhat Kdelibs Sound Devel	Version 2.2-11