CVE-2013-2074

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.

kioslave/http/http.cpp en KIO en kdelibs 4.10.3 y anteriores permite a atacantes remotos descubrir credenciales a través de una solicitud manipulada que provoca un "internal server error," el cual incluye el nombre de usuario y contraseña en un mensaje de error.

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-02-19 CVE Reserved
2013-05-29 CVE Published
2023-09-18 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (9)

URL	Tag	Source
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707776	X_refsource_misc
http://www.openwall.com/lists/oss-security/2013/05/10/4	Mailing List
http://www.openwall.com/lists/oss-security/2013/05/11/2	Mailing List
http://www.osvdb.org/93244	Vdb Entry
http://xorl.wordpress.com/2013/05/22/cve-2013-2074-kde-kdelibs-password-exposure	X_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=961981	X_refsource_confirm
https://projects.kde.org/projects/kde/kdelibs/repository/revisions/65d736dab592bced4410ccfa4699de89f78c96ca/diff/kioslave/http/http.cpp	X_refsource_misc

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://ubuntu.com/usn/usn-1842-1	2014-02-25
https://bugs.kde.org/show_bug.cgi?id=319428	2014-02-25

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Kde Search vendor "Kde"		Kdelibs Search vendor "Kde" for product "Kdelibs"				<= 4.10.3 Search vendor "Kde" for product "Kdelibs" and version " <= 4.10.3"		-		Affected
Kde Search vendor "Kde"		Kdelibs Search vendor "Kde" for product "Kdelibs"				4.10.0 Search vendor "Kde" for product "Kdelibs" and version "4.10.0"		-		Affected
Kde Search vendor "Kde"		Kdelibs Search vendor "Kde" for product "Kdelibs"				4.10.1 Search vendor "Kde" for product "Kdelibs" and version "4.10.1"		-		Affected
Kde Search vendor "Kde"		Kdelibs Search vendor "Kde" for product "Kdelibs"				4.10.2 Search vendor "Kde" for product "Kdelibs" and version "4.10.2"		-		Affected