Credential Exposure in KIO HTTP Module of KDE Kdelibs
CVE-2013-2074

Currently unrated

Key Information:

Vendor: Kde
Status: Kdelibs
Vendor: CVE Published:; 5 February 2014

What is CVE-2013-2074?

A vulnerability in the KIO HTTP module of KDE's Kdelibs versions 4.10.3 and earlier allows attackers to exploit crafted requests that cause an 'internal server error.' This error message inadvertently discloses sensitive information, including usernames and passwords, posing a serious risk to system security. Users should promptly update their Kdelibs software to the latest version to mitigate this exposure.

References

http://www.openwall.com/lists/oss-security/2013/05/10/4

mailing-listx_refsource_MLIST

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707776

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=961981

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 5, 2014
Vulnerability Reserved
Feb 19, 2013

CVE-2013-2074 Data

JSON