Unrated severityNVD Advisory· Published Aug 27, 2003· Updated Jun 16, 2026
CVE-2003-0459
CVE-2003-0459
Description
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
34cpe:2.3:a:kde:konqueror:2.1.1:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:kde:konqueror:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.1.2:*:*:*:*:*:*:*
- (no CPE)range: <=3.1.2
- cpe:2.3:a:kde:konqueror_embedded:0.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:analog_real-time_synthesizer:2.1.1-5:*:i386:*:*:*:*:*+ 2 more
- cpe:2.3:a:redhat:analog_real-time_synthesizer:2.1.1-5:*:i386:*:*:*:*:*
- cpe:2.3:a:redhat:analog_real-time_synthesizer:2.2-11:*:i386:*:*:*:*:*
- cpe:2.3:a:redhat:analog_real-time_synthesizer:2.2-11:*:ia64:*:*:*:*:*
cpe:2.3:a:redhat:kdelibs:2.1.1-5:*:i386:*:*:*:*:*+ 10 more
- cpe:2.3:a:redhat:kdelibs:2.1.1-5:*:i386:*:*:*:*:*
- cpe:2.3:a:redhat:kdelibs:2.2-11:*:i386:*:*:*:*:*
- cpe:2.3:a:redhat:kdelibs:2.2-11:*:ia64:*:*:*:*:*
- cpe:2.3:a:redhat:kdelibs:3.0.0-10:*:i386:*:*:*:*:*
- cpe:2.3:a:redhat:kdelibs:3.1-10:*:i386:*:*:*:*:*
- cpe:2.3:a:redhat:kdelibs_devel:2.1.1-5:*:i386_dev:*:*:*:*:*
- cpe:2.3:a:redhat:kdelibs_devel:2.2-11:*:i386_dev:*:*:*:*:*
- cpe:2.3:a:redhat:kdelibs_devel:2.2-11:*:ia64_dev:*:*:*:*:*
- cpe:2.3:a:redhat:kdelibs_devel:3.0.0-10:*:i386_dev:*:*:*:*:*
- cpe:2.3:a:redhat:kdelibs_devel:3.0.3-8:*:i386_dev:*:*:*:*:*
- cpe:2.3:a:redhat:kdelibs_devel:3.1-10:*:i386_dev:*:*:*:*:*
cpe:2.3:a:redhat:kdelibs_sound:2.1.1-5:*:i386_sound:*:*:*:*:*+ 2 more
- cpe:2.3:a:redhat:kdelibs_sound:2.1.1-5:*:i386_sound:*:*:*:*:*
- cpe:2.3:a:redhat:kdelibs_sound:2.2-11:*:i386_sound:*:*:*:*:*
- cpe:2.3:a:redhat:kdelibs_sound:2.2-11:*:ia64_sound:*:*:*:*:*
cpe:2.3:a:redhat:kdelibs_sound_devel:2.1.1-5:*:i386_sound_dev:*:*:*:*:*+ 2 more
- cpe:2.3:a:redhat:kdelibs_sound_devel:2.1.1-5:*:i386_sound_dev:*:*:*:*:*
- cpe:2.3:a:redhat:kdelibs_sound_devel:2.2-11:*:i386_sound_dev:*:*:*:*:*
- cpe:2.3:a:redhat:kdelibs_sound_devel:2.2-11:*:ia64_sound_dev:*:*:*:*:*
Patches
Vulnerability mechanics
References
10- www.redhat.com/support/errata/RHSA-2003-235.htmlnvdPatchVendor Advisory
- www.redhat.com/support/errata/RHSA-2003-236.htmlnvdPatchVendor Advisory
- distro.conectiva.com.br/atualizacoes/nvd
- lists.grok.org.uk/pipermail/full-disclosure/2003-July/007300.htmlnvd
- marc.infonvd
- www.debian.org/security/2003/dsa-361nvd
- www.kde.org/info/security/advisory-20030729-1.txtnvd
- www.mandriva.com/security/advisoriesnvd
- www.turbolinux.com/security/TLSA-2003-45.txtnvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A411nvd
News mentions
0No linked articles in our index yet.