Back to search
CVE-2017-6410
Published: Mar 2, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
DSA-3849
vendor-advisory
x_refsource_DEBIAN
96515
vdb-entry
x_refsource_BID
https://www.kde.org/info/security/advisory-20170228-1.txt
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now