CVE-2013-2074

Published: Feb 5, 2014Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.

Affected (4)

Products: Kde: Kdelibs

Kde

1 product

Kdelibs

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Kde Kdelibs	Up to 4.10.3
Kde Kdelibs	Version 4.10.0
Kde Kdelibs	Version 4.10.1
Kde Kdelibs	Version 4.10.2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (18)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707776

Source: secalert@redhat.com

http://ubuntu.com/usn/usn-1842-1

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2013/05/10/4

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2013/05/11/2

Source: secalert@redhat.com

http://www.osvdb.org/93244

Source: secalert@redhat.com

http://xorl.wordpress.com/2013/05/22/cve-2013-2074-kde-kdelibs-password-exposure/

Source: secalert@redhat.com

https://bugs.kde.org/show_bug.cgi?id=319428

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=961981

Source: secalert@redhat.com

https://projects.kde.org/projects/kde/kdelibs/repository/revisions/65d736dab592bced4410ccfa4699de89f78c96ca/diff/kioslave/http/http.cpp

Source: secalert@redhat.com

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707776