CVSS: 9.1EPSS: 0%CPEs: 11EXPL: 1CVE-2003-0592
https://notcve.org/view.php?id=CVE-2003-0592
16 Mar 2004 — Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application. Konqueror en KDE 3.1.3 y anteriores (kdelibs) permite a atacantes remotos saltarse las restriciones de cookies pretendidas en una aplicació... • http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html •
CVSS: 9.8EPSS: 1%CPEs: 33EXPL: 0CVE-2003-0459
https://notcve.org/view.php?id=CVE-2003-0459
01 Aug 2003 — KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites. KDE Konqueror de KDE 3.1.2 y anteriores no elimina los credenciales de autenticación de URLs de la forma "usuario:contraseña@máquina" en la cabecera HTTP-Referer, lo que podría permitir a sitios web remotos robar las credenciales de páginas que enlazan a esos siti... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747 •