CVE-2013-2074

NameCVE-2013-2074
Descriptionkioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-952-1
Debian Bugs707776

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
kde4libs (PTS)jessie, jessie (lts)4:4.14.2-5+deb8u3fixed
stretch (lts), stretch4:4.14.26-2+deb9u1fixed
buster4:4.14.38-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kde4libssourcewheezy4:4.8.4-4+deb7u3DLA-952-1
kde4libssource(unstable)4:4.10.5-1low707776

Notes

[squeeze] - kde4libs <no-dsa> (Minor issue)
https://bugs.kde.org/show_bug.cgi?id=319428
https://github.com/KDE/kdelibs/commit/65d736dab592bced4410ccfa4699de89f78c96ca
https://github.com/KDE/kdelibs/commit/898135a59d91184692ed1bcee8bb4c6d80d6f7b9
Search for package or bug name: Reporting problems