CVE-2013-2074

Published: Feb 5, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20130510 CVE request: password exposure in kdelibs when showing "internal server error" messages

mailing-list

x_refsource_MLIST

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707776

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=961981

x_refsource_CONFIRM

https://projects.kde.org/projects/kde/kdelibs/repository/revisions/65d736dab592bced4410ccfa4699de89f78c96ca/diff/kioslave/http/http.cpp

x_refsource_MISC

[oss-security] 20130510 Re: CVE request: password exposure in kdelibs when showing "internal server error" messages

mailing-list

x_refsource_MLIST

93244

vdb-entry

x_refsource_OSVDB

USN-1842-1

vendor-advisory

x_refsource_UBUNTU

http://xorl.wordpress.com/2013/05/22/cve-2013-2074-kde-kdelibs-password-exposure/

x_refsource_MISC

https://bugs.kde.org/show_bug.cgi?id=319428

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2013-2074

Description

Affected Products

References