CVE-2007-4225 - Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL addr

CVE-2007-4225

Summary

Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion.

References

Vulnerable Configurations

cpe:2.3:a:kde:konqueror:3.5.7:*:*:*:*:*:*:*
cpe:2.3:a:kde:konqueror:3.5.7:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 29-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

confirm	http://www.kde.org/info/security/advisory-20070816-1.txt https://issues.rpath.com/browse/RPL-1615
fedora	FEDORA-2007-2361 FEDORA-2007-716
fulldisc	20070806 Konqueror: URL address bar spoofing vulnerabilities
mandriva	MDKSA-2007:176
sectrack	1018579
secunia	26351 26612 26690 26720 27089 27096
sreason	2982
ubuntu	USN-502-1
vupen	ADV-2007-2807
xf	konqueror-data-spoofing(35829)

statements via4

contributor	Joshua Bressers
lastmodified	2007-08-09
organization	Red Hat
statement	Not vulnerable. Not vulnerable. These issues did not affect the versions of konqueror as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.

Last major update

29-07-2017 - 01:32

Published

08-08-2007 - 21:17

Last modified

29-07-2017 - 01:32