3 results (0.007 seconds)

CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 1

Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. Konqueror en KDE 3.1.3 y anteriores (kdelibs) permite a atacantes remotos saltarse las restriciones de cookies pretendidas en una aplicación web mediante secuencias de atravesamiento de directorios "%2e%2e" (punto punto codificado) en una URL, lo que hace que Konqueror envíe la cookie fuera de los subconjuntos de URL especificados, por ejemplo a una aplicación vulnerable que corre en el mismo servidor que la aplicación objetivo. • http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html http://www.debian.org/security/2004/dsa-459 http://www.mandriva.com/security/advisories?name=MDKSA-2004:022 http://www.redhat.com/support/errata/RHSA-2004-074.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A823 https://access.redhat.com/security/cve/CVE-2003-0592 https://bugzilla.redhat.com/show_bug •

CVSS: 5.0EPSS: 0%CPEs: 33EXPL: 0

KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites. KDE Konqueror de KDE 3.1.2 y anteriores no elimina los credenciales de autenticación de URLs de la forma "usuario:contraseña@máquina" en la cabecera HTTP-Referer, lo que podría permitir a sitios web remotos robar las credenciales de páginas que enlazan a esos sitios. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747 http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007300.html http://marc.info/?l=bugtraq&m=105986238428061&w=2 http://www.debian.org/security/2003/dsa-361 http://www.kde.org/info/security/advisory-20030729-1.txt http://www.mandriva.com/security/advisories?name=MDKSA-2003:079 http://www.redhat.com/support/errata/RHSA-2003-235.html http://www.redhat.com/support/errata/RHSA-2003-236.html http:& •

CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0

Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack. Konqueror Embedded y KDE 2.2.2 y anteriores no validan el campo Common Name (CN) en certificados X.509, lo que permitiría que atacantes remotos falsifiquen certificados mediante un ataque "man-in-the-middle". • http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html http://www.debian.org/security/2003/dsa-361 http://www.kde.org/info/security/advisory-20030602-1.txt http://www.redhat.com/support/errata/RHSA-2003-192.html http://www.redhat.com/support/errata/RHSA-2003-193.html http://www.securityfocus.com/archive/1/320707 http://www.securityfocus.com/bid/7520 http://www.turbolinux.com/security/TLSA-2003-36.txt https://access.redhat.com/security/cve/CVE-2003 •