Lucene search

PRIOn knowledge basePRION:CVE-2013-2074

HistoryFeb 05, 2014 - 7:55 p.m.

Default credentials

2014-02-0519:55:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

80.5%

JSON

kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an “internal server error,” which includes the username and password in an error message.

CPENameOperatorVersion
kdelibseq4.10.2
kdelibseq4.10.1
kdelibsle4.10.3
kdelibseq4.10.0

Name	Operator	Version
kdelibs	eq	4.10.2
kdelibs	eq	4.10.1
kdelibs	le	4.10.3
kdelibs	eq	4.10.0

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=707776

ubuntu.com/usn/usn-1842-1

www.openwall.com/lists/oss-security/2013/05/10/4

www.openwall.com/lists/oss-security/2013/05/11/2

www.osvdb.org/93244

xorl.wordpress.com/2013/05/22/cve-2013-2074-kde-kdelibs-password-exposure/

bugs.kde.org/show_bug.cgi?id=319428

bugzilla.redhat.com/show_bug.cgi?id=961981

projects.kde.org/projects/kde/kdelibs/repository/revisions/65d736dab592bced4410ccfa4699de89f78c96ca/diff/kioslave/http/http.cpp

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

80.5%

JSON

Related for PRION:CVE-2013-2074