CVE-2013-2074
kdelibs < 4.10.3 - Credential Exposure via HTTP Error Message
kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.
References (9)
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2013/05/10/4
Issue Tracking (x_refsource_misc): http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707776
Issue Tracking (x_refsource_confirm): https://bugzilla.redhat.com/show_bug.cgi?id=961981
Various Sources (x_refsource_misc): https://projects.kde.org/projects/kde/kdelibs/repository/revisions/65d736dab592bced4410ccfa4699de89f78c96ca/diff/kioslave/http/http.cpp
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2013/05/11/2
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://www.osvdb.org/93244
Various Sources (vendor-advisory, x_refsource_ubuntu): http://ubuntu.com/usn/usn-1842-1
Various Sources (x_refsource_misc): http://xorl.wordpress.com/2013/05/22/cve-2013-2074-kde-kdelibs-password-exposure/
Vendor Advisory (x_refsource_confirm): https://bugs.kde.org/show_bug.cgi?id=319428
Scores
EPSS: 0.0147
EPSS Percentile: 81.1%
Details
CWE: CWE-200
Status: published
Products (4)
kde/kdelibs 4.10.0
kde/kdelibs 4.10.1
kde/kdelibs 4.10.2
kde/kdelibs < 4.10.3
Published: Feb 05, 2014
Tracked Since: Feb 18, 2026