CVE-2013-2074

NameCVE-2013-2074
Descriptionkioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-952-1
NVD severitymedium
Debian Bugs707776

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
kde4libs (PTS)jessie4:4.14.2-5+deb8u2fixed
jessie (security)4:4.14.2-5+deb8u3fixed
stretch4:4.14.26-2fixed
buster4:4.14.38-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kde4libssource(unstable)4:4.10.5-1low707776
kde4libssourcewheezy4:4.8.4-4+deb7u3DLA-952-1

Notes

[squeeze] - kde4libs <no-dsa> (Minor issue)
https://bugs.kde.org/show_bug.cgi?id=319428
https://cgit.kde.org/kdelibs.git/commit/?h=KDE/4.14&id=65d736dab592bced4410ccfa4699de89f78c96ca
https://cgit.kde.org/kdelibs.git/commit/?h=KDE/4.14&id=898135a59d91184692ed1bcee8bb4c6d80d6f7b9

Search for package or bug name: Reporting problems