Medium severity5.5NVD Advisory· Published Mar 2, 2017· Updated Jun 17, 2026
CVE-2017-6410
CVE-2017-6410
Description
kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- osv-coords6 versionspkg:rpm/suse/kdelibs4-apidocs&distro=SUSE%20Package%20Hub%2012%20SP1pkg:rpm/suse/kdelibs4-apidocs&distro=SUSE%20Package%20Hub%2012%20SP2pkg:rpm/suse/kdelibs4&distro=SUSE%20Package%20Hub%2012%20SP1pkg:rpm/suse/kdelibs4&distro=SUSE%20Package%20Hub%2012%20SP2pkg:rpm/suse/kio&distro=SUSE%20Package%20Hub%2012%20SP1pkg:rpm/suse/kio&distro=SUSE%20Package%20Hub%2012%20SP2
< 4.14.25-5.3+ 5 more
- (no CPE)range: < 4.14.25-5.3
- (no CPE)range: < 4.14.25-5.3
- (no CPE)range: < 4.14.25-5.3
- (no CPE)range: < 4.14.25-5.3
- (no CPE)range: < 5.26.0-5.1
- (no CPE)range: < 5.26.0-5.1
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.