ID CVE-2007-4224
Summary KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.
References
Vulnerable Configurations
  • cpe:2.3:a:kde:konqueror:3.5.7
CVSS
Base: 4.3 (as of 09-08-2007 - 08:18)
Impact:
Exploitability:
CWE CWE-59
CAPEC
  • Symlink Attack
    An attacker positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name. The endpoint file may be either output or input. If the file is output, the result is that the endpoint is modified, instead of a file at the intended location. Modifications to the endpoint file may include appending, overwriting, corrupting, changing permissions, or other modifications. In some variants of this attack the attacker may be able to control the change to a file while in other cases they cannot. The former is especially damaging since the attacker may be able to grant themselves increased privileges or insert false information, but the latter can also be damaging as it can expose sensitive information or corrupt or destroy vital system or application files. Alternatively, the endpoint file may serve as input to the targeted application. This can be used to feed malformed input into the target or to cause the target to process different information, possibly allowing the attacker to control the actions of the target or to cause the target to expose information to the attacker. Moreover, the actions taken on the endpoint file are undertaken with the permissions of the targeted user or application, which may exceed the permissions that the attacker would normally have.
  • Accessing, Modifying or Executing Executable Files
    An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files: when the executable loads the resource (such as an image file or configuration file), the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated, mashing up resources from local and remote sources, the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/): http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here. The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server; adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when it is manipulated, the attacker gains full control.
  • Manipulating Input to File System Calls
    An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.
Access
Vector NETWORK
Complexity MEDIUM
Authentication NONE
Impact
Confidentiality NONE
Integrity PARTIAL
Availability NONE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FILESHARESET-4454.NASL
    description Users could log in as root without having to enter the password if auto login was enabled and if kdm was configured to require the root password to shutdown the system (CVE-2007-4569). JavaScript code could modify the URL in the address bar to make the currently displayed website appear to come from a different site (CVE-2007-4224).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27217
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27217
    title openSUSE 10 Security Update : fileshareset (fileshareset-4454)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071008_KDEBASE_ON_SL5_X.NASL
    description Kees Huijgen found a flaw in the way KDM handled logins when autologin and 'shutdown with password' were enabled. A local user would have been able to login via KDM as any user without requiring a password. (CVE-2007-4569) Two Konqueror address spoofing flaws were discovered. A malicious website could spoof the Konqueror address bar, tricking a victim into believing the page was from a different site. (CVE-2007-3820, CVE-2007-4224)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60262
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60262
    title Scientific Linux Security Update : kdebase on SL5.x, SL4.x i386/x86_64
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20071008_KDELIBS_ON_SL5_X.NASL
    description Two cross-site-scripting flaws were found in the way Konqueror processes certain HTML content. This could result in a malicious attacker presenting misleading content to an unsuspecting user. (CVE-2007-0242, CVE-2007-0537) A flaw was found in KDE JavaScript implementation. A web page containing malicious JavaScript code could cause Konqueror to crash. (CVE-2007-1308) A flaw was found in the way Konqueror handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall. (CVE-2007-1564) Two Konqueror address spoofing flaws have been discovered. It was possible for a malicious website to cause the Konqueror address bar to display information which could trick a user into believing they are at a different website than they actually are. (CVE-2007-3820, CVE-2007-4224)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60263
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60263
    title Scientific Linux Security Update : kdelibs on SL5.x, SL4.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0909.NASL
    description From Red Hat Security Advisory 2007:0909 : Updated kdelibs packages that resolve several security flaws are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdelibs package provides libraries for the K Desktop Environment (KDE). Two cross-site-scripting flaws were found in the way Konqueror processes certain HTML content. This could result in a malicious attacker presenting misleading content to an unsuspecting user. (CVE-2007-0242, CVE-2007-0537) A flaw was found in KDE JavaScript implementation. A web page containing malicious JavaScript code could cause Konqueror to crash. (CVE-2007-1308) A flaw was found in the way Konqueror handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall. (CVE-2007-1564) Two Konqueror address spoofing flaws have been discovered. It was possible for a malicious website to cause the Konqueror address bar to display information which could trick a user into believing they are at a different website than they actually are. (CVE-2007-3820, CVE-2007-4224) Users of KDE should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-08-13
    plugin id 67574
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67574
    title Oracle Linux 4 / 5 : kdelibs (ELSA-2007-0909)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0909.NASL
    description Updated kdelibs packages that resolve several security flaws are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdelibs package provides libraries for the K Desktop Environment (KDE). Two cross-site-scripting flaws were found in the way Konqueror processes certain HTML content. This could result in a malicious attacker presenting misleading content to an unsuspecting user. (CVE-2007-0242, CVE-2007-0537) A flaw was found in KDE JavaScript implementation. A web page containing malicious JavaScript code could cause Konqueror to crash. (CVE-2007-1308) A flaw was found in the way Konqueror handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall. (CVE-2007-1564) Two Konqueror address spoofing flaws have been discovered. It was possible for a malicious website to cause the Konqueror address bar to display information which could trick a user into believing they are at a different website than they actually are. (CVE-2007-3820, CVE-2007-4224) Users of KDE should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 26974
    published 2007-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26974
    title CentOS 4 / 5 : kdelibs (CESA-2007:0909)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-716.NASL
    description The remote Fedora Core host is missing one or more security updates : kdebase-3.5.7-1.fc6 : - Tue Oct 2 2007 Than Ngo - 6:3.5.7-1.fc6 - CVE-2007-4224, CVE-2007-4225, CVE-2007-3820 - rh#299741, CVE-2007-4569 - Mon Jul 2 2007 Than Ngo - 6:3.5.7-0.fc6.2 - fix #244906 kdelibs-3.5.7-1.fc6 : - Tue Oct 2 2007 Than Ngo - 6:3.5.7-1.fc6 - CVE-2007-4224, CVE-2007-3820 konqueror address bar spoofing Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 26935
    published 2007-10-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26935
    title Fedora Core 6 : kdebase-3.5.7-1.fc6 / kdelibs-3.5.7-1.fc6 (2007-716)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0905.NASL
    description Updated kdebase packages that resolve several security flaws are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdebase packages provide the core applications for KDE, the K Desktop Environment. These core packages include Konqueror, the web browser and file manager. These updated packages address the following vulnerabilities : Kees Huijgen found a flaw in the way KDM handled logins when autologin and 'shutdown with password' were enabled. A local user would have been able to login via KDM as any user without requiring a password. (CVE-2007-4569) Two Konqueror address spoofing flaws were discovered. A malicious website could spoof the Konqueror address bar, tricking a victim into believing the page was from a different site. (CVE-2007-3820, CVE-2007-4224) Users of KDE should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 26973
    published 2007-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26973
    title CentOS 4 / 5 : kdebase (CESA-2007:0905)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_14AD2A2866D211DCB25F02E0185F8D72.NASL
    description The KDE development team reports : The Konqueror address bar is vulnerable to spoofing attacks that are based on embedding white spaces in the url. In addition the address bar could be tricked to show a URL which it is intending to visit for a short amount of time instead of the current URL.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 26085
    published 2007-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26085
    title FreeBSD : konquerer -- address bar spoofing (14ad2a28-66d2-11dc-b25f-02e0185f8d72)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-2361.NASL
    description - Tue Oct 2 2007 Than Ngo - 6:3.5.7-13.1 - rh#299731, CVE-2007-4569 - Wed Aug 15 2007 Rex Dieter 6:3.5.7-13 - CVE-2007-3820, CVE-2007-4224, CVE-2007-4225 - License: GPLv2 - Requires: kdelibs3(-devel) - Fri Jul 20 2007 Rex Dieter - 6:3.5.7-12 - fix unpackaged files - Fri Jul 20 2007 Rex Dieter - 6:3.5.7-9 - %ifnarch s390 s390x: BR: lm_sensors - Thu Jul 19 2007 Rex Dieter - 6:3.5.7-7 - omit dirs owned by kde-filesystem - Mon Jul 2 2007 Than Ngo - 6:3.5.7-6 - fix bz#244906 - Wed Jun 20 2007 Rex Dieter - 6:3.5.7-5 - Provides: kdebase3(-devel) - Wed Jun 20 2007 Rex Dieter - 6:3.5.7-4 - -devel: Requires: %name... - portability++ - Fri Jun 15 2007 Rex Dieter - 6:3.5.7-3 - specfile portability - Mon Jun 11 2007 Rex Dieter - 6:3.5.7-2 - fix BR: kdelibs-devel - cleanup Req's wrt kde-settings - Mon Jun 11 2007 Than Ngo - 6:3.5.7-1.fc7.1 - remove kdebase-3.4.2-npapi-64bit-fixes.patch, it's included in new upstream - Wed Jun 6 2007 Than Ngo - 6:3.5.7-0.1 - 3.5.7 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 27769
    published 2007-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27769
    title Fedora 7 : kdebase-3.5.7-13.1.fc7 (2007-2361)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0909.NASL
    description Updated kdelibs packages that resolve several security flaws are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdelibs package provides libraries for the K Desktop Environment (KDE). Two cross-site-scripting flaws were found in the way Konqueror processes certain HTML content. This could result in a malicious attacker presenting misleading content to an unsuspecting user. (CVE-2007-0242, CVE-2007-0537) A flaw was found in KDE JavaScript implementation. A web page containing malicious JavaScript code could cause Konqueror to crash. (CVE-2007-1308) A flaw was found in the way Konqueror handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall. (CVE-2007-1564) Two Konqueror address spoofing flaws have been discovered. It was possible for a malicious website to cause the Konqueror address bar to display information which could trick a user into believing they are at a different website than they actually are. (CVE-2007-3820, CVE-2007-4224) Users of KDE should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 26952
    published 2007-10-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26952
    title RHEL 4 / 5 : kdelibs (RHSA-2007:0909)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_FILESHARESET-4433.NASL
    description Users could log in as root without having to enter the password if auto login was enabled and if kdm was configured to require the root password to shutdown the system. (CVE-2007-4569) JavaScript code could modify the URL in the address bar to make the currently displayed website appear to come from a different site. (CVE-2007-4224)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 29429
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29429
    title SuSE 10 Security Update : KDE (ZYPP Patch Number 4433)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2007-264-01.NASL
    description New kdebase packages are available for Slackware 12.0 to fix security issues. A long URL padded with spaces could be used to display a false URL in Konqueror's addressbar, and KDM when used with no-password login could be tricked into logging a different user in without a password. This is not the way KDM is configured in Slackware by default, somewhat mitigating the impact of this issue.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 26113
    published 2007-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26113
    title Slackware 12.0 : kdebase, kdelibs (SSA:2007-264-01)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0905.NASL
    description From Red Hat Security Advisory 2007:0905 : Updated kdebase packages that resolve several security flaws are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdebase packages provide the core applications for KDE, the K Desktop Environment. These core packages include Konqueror, the web browser and file manager. These updated packages address the following vulnerabilities : Kees Huijgen found a flaw in the way KDM handled logins when autologin and 'shutdown with password' were enabled. A local user would have been able to login via KDM as any user without requiring a password. (CVE-2007-4569) Two Konqueror address spoofing flaws were discovered. A malicious website could spoof the Konqueror address bar, tricking a victim into believing the page was from a different site. (CVE-2007-3820, CVE-2007-4224) Users of KDE should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67573
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67573
    title Oracle Linux 4 / 5 : kdebase (ELSA-2007-0905)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0905.NASL
    description Updated kdebase packages that resolve several security flaws are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdebase packages provide the core applications for KDE, the K Desktop Environment. These core packages include Konqueror, the web browser and file manager. These updated packages address the following vulnerabilities : Kees Huijgen found a flaw in the way KDM handled logins when autologin and 'shutdown with password' were enabled. A local user would have been able to login via KDM as any user without requiring a password. (CVE-2007-4569) Two Konqueror address spoofing flaws were discovered. A malicious website could spoof the Konqueror address bar, tricking a victim into believing the page was from a different site. (CVE-2007-3820, CVE-2007-4224) Users of KDE should upgrade to these updated packages, which contain backported patches to correct these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 26951
    published 2007-10-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26951
    title RHEL 4 / 5 : kdebase (RHSA-2007:0905)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-176.NASL
    description konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed. (CVE-2007-3820) KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property. (CVE-2007-4224) Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion. (CVE-2007-4225) Updated packages fix these issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 26008
    published 2007-09-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26008
    title Mandrake Linux Security Advisory : konqueror (MDKSA-2007:176)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-502-1.NASL
    description It was discovered that Konqueror could be tricked into displaying incorrect URLs. Remote attackers could exploit this to increase their chances of tricking a user into visiting a phishing URL, which could lead to credential theft. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28106
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28106
    title Ubuntu 6.06 LTS / 6.10 / 7.04 : kdebase, kdelibs vulnerabilities (USN-502-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-1699.NASL
    description This update primarily addresses problems with URL spoofing and consolekit/session permissions. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 27728
    published 2007-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27728
    title Fedora 7 : kdelibs-3.5.7-20.fc7 (2007-1699)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-1700.NASL
    description This update primarily addresses security issues around URL spoofing. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 27729
    published 2007-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27729
    title Fedora 7 : kdebase-3.5.7-13.fc7 (2007-1700)
oval via4
accepted 2013-04-29T04:23:00.583-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.
family unix
id oval:org.mitre.oval:def:9879
status accepted
submitted 2010-07-09T03:56:16-04:00
title KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.
version 24
redhat via4
advisories
  • bugzilla
    id 299891
    title CVE-2007-1308 kdelibs KDE JavaScript denial of service (crash)
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhsa:tst:20060016001
      • OR
        • AND
          • comment kdelibs is earlier than 6:3.3.1-9.el4
            oval oval:com.redhat.rhsa:tst:20070909002
          • comment kdelibs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060720003
        • AND
          • comment kdelibs-devel is earlier than 6:3.3.1-9.el4
            oval oval:com.redhat.rhsa:tst:20070909004
          • comment kdelibs-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060720005
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhsa:tst:20070055001
      • OR
        • AND
          • comment kdelibs is earlier than 6:3.5.4-13.el5
            oval oval:com.redhat.rhsa:tst:20070909007
          • comment kdelibs is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070909008
        • AND
          • comment kdelibs-apidocs is earlier than 6:3.5.4-13.el5
            oval oval:com.redhat.rhsa:tst:20070909011
          • comment kdelibs-apidocs is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070909012
        • AND
          • comment kdelibs-devel is earlier than 6:3.5.4-13.el5
            oval oval:com.redhat.rhsa:tst:20070909009
          • comment kdelibs-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070909010
    rhsa
    id RHSA-2007:0909
    released 2007-10-08
    severity Moderate
    title RHSA-2007:0909: kdelibs security update (Moderate)
  • rhsa
    id RHSA-2007:0905
rpms
  • kdebase-6:3.3.1-6.el4
  • kdebase-devel-6:3.3.1-6.el4
  • kdebase-6:3.5.4-15.el5
  • kdebase-devel-6:3.5.4-15.el5
  • kdelibs-6:3.3.1-9.el4
  • kdelibs-devel-6:3.3.1-9.el4
  • kdelibs-6:3.5.4-13.el5
  • kdelibs-apidocs-6:3.5.4-13.el5
  • kdelibs-devel-6:3.5.4-13.el5
refmap via4
bid 25219
bugtraq
  • 20070806 Konqueror: URL address bar spoofing vulnerabilities
  • 20070806 Re: Konqueror: URL address bar spoofing vulnerabilities
  • 20070806 Re: Konqueror: URL address bar spoofingvulnerabilities
  • 20070807 Re: [Full-disclosure] Konqueror: URL address bar spoofing vulnerabilities
confirm
fedora
  • FEDORA-2007-2361
  • FEDORA-2007-716
fulldisc 20070806 Konqueror: URL address bar spoofing vulnerabilities
mandriva MDKSA-2007:176
sectrack 1018579
secunia
  • 26351
  • 26612
  • 26690
  • 26720
  • 27089
  • 27090
  • 27096
  • 27106
  • 27108
  • 27271
sreason 2982
suse SUSE-SR:2007:021
ubuntu USN-502-1
vupen ADV-2007-2807
xf konqueror-setinterval-spoofing(35828)
statements via4
contributor Mark J Cox
lastmodified 2007-09-05
organization Red Hat
statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251708 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Last major update 07-03-2011 - 21:58
Published 08-08-2007 - 17:17
Last modified 15-10-2018 - 17:33