Package : kdelibs-crypto Vulnerability : several Problem-Type : remote Debian-specific: no CVE Ids : CAN-2003-0459, CAN-2003-0370
Two vulnerabilities were discovered in kdelibs:
- CAN-2003-0459: KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.
- CAN-2003-0370: Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.
These vulnerabilities are described in the following security advisories from KDE: