Unrated severityNVD Advisory· Published Apr 15, 2004· Updated Apr 16, 2026
CVE-2003-0592
CVE-2003-0592
Description
Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application.
Affected products
11cpe:2.3:a:kde:konqueror:2.1.1:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:kde:konqueror:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:kde:konqueror_embedded:0.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- www.debian.org/security/2004/dsa-459nvdPatchVendor Advisory
- www.redhat.com/support/errata/RHSA-2004-074.htmlnvdPatchVendor Advisory
- archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.htmlnvdExploitVendor Advisory
- lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.htmlnvd
- www.mandriva.com/security/advisoriesnvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A823nvd
News mentions
0No linked articles in our index yet.