Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-2074

kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.

Related bugs and status

CVE-2013-2074 (Candidate) is related to these bugs:

Bug #1178286: Security advisory from KDE upstream

		In	Importance	Status
1178286	Security advisory from KDE upstream	kde4libs (Ubuntu)	Undecided	Fix Released
1178286	Security advisory from KDE upstream	kde4libs (Ubuntu Precise)	Undecided	Fix Released
1178286	Security advisory from KDE upstream	kde4libs (Ubuntu Raring)	Undecided	Fix Released
1178286	Security advisory from KDE upstream	kde4libs (Ubuntu Saucy)	Undecided	Fix Released
1178286	Security advisory from KDE upstream	kde4libs (Ubuntu Quantal)	Undecided	Fix Released
1178286	Security advisory from KDE upstream	kdelibs	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://bugs.debian.org...
MISC: http://xorl.wordpress....
MISC: https://projects.kde.o...
MISC: http://www.osvdb.org/9...
MISC: http://ubuntu.com/usn/...
MISC: http://www.openwall.co...
MISC: http://www.openwall.co...
MISC: https://bugs.kde.org/s...
MISC: https://bugzilla.redha...