CVE-2007-4225 - Vulnerability Details - OpenCVE

Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kde	Konqueror

Configuration 1 [-]

cpe:2.3:a:kde:konqueror:3.5.7:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065101.html
http://secunia.com/advisories/26351
http://secunia.com/advisories/26612
http://secunia.com/advisories/26690
http://secunia.com/advisories/26720
http://secunia.com/advisories/27089
http://secunia.com/advisories/27096
http://securityreason.com/securityalert/2982
http://securitytracker.com/id?1018579
http://www.kde.org/info/security/advisory-20070816-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2007:176
http://www.ubuntu.com/usn/usn-502-1
http://www.vupen.com/english/advisories/2007/2807
https://exchange.xforce.ibmcloud.com/vulnerabilities/35829
https://issues.rpath.com/browse/RPL-1615
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00084.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-08T21:00:00

Updated: 2024-08-07T14:46:39.372Z

Reserved: 2007-08-08T00:00:00

Link: CVE-2007-4225

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-08-08T21:17:00.000

Modified: 2024-11-21T00:35:05.180

Link: CVE-2007-4225

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-06T00:00:00", "descriptions": [{"lang": "en", "value": "Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "2982", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2982"}, {"name": "FEDORA-2007-2361", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html"}, {"name": "FEDORA-2007-716", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00084.html"}, {"name": "USN-502-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-502-1"}, {"name": "konqueror-data-spoofing(35829)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35829"}, {"name": "ADV-2007-2807", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2807"}, {"name": "26351", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26351"}, {"name": "26690", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26690"}, {"name": "1018579", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1018579"}, {"name": "27089", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27089"}, {"name": "26612", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26612"}, {"name": "27096", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27096"}, {"name": "26720", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26720"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-1615"}, {"name": "MDKSA-2007:176", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:176"}, {"name": "20070806 Konqueror: URL address bar spoofing vulnerabilities", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065101.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kde.org/info/security/advisory-20070816-1.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4225", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "2982", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2982"}, {"name": "FEDORA-2007-2361", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html"}, {"name": "FEDORA-2007-716", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00084.html"}, {"name": "USN-502-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-502-1"}, {"name": "konqueror-data-spoofing(35829)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35829"}, {"name": "ADV-2007-2807", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2807"}, {"name": "26351", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26351"}, {"name": "26690", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26690"}, {"name": "1018579", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018579"}, {"name": "27089", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27089"}, {"name": "26612", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26612"}, {"name": "27096", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27096"}, {"name": "26720", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26720"}, {"name": "https://issues.rpath.com/browse/RPL-1615", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1615"}, {"name": "MDKSA-2007:176", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:176"}, {"name": "20070806 Konqueror: URL address bar spoofing vulnerabilities", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065101.html"}, {"name": "http://www.kde.org/info/security/advisory-20070816-1.txt", "refsource": "CONFIRM", "url": "http://www.kde.org/info/security/advisory-20070816-1.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:46:39.372Z"}, "title": "CVE Program Container", "references": [{"name": "2982", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2982"}, {"name": "FEDORA-2007-2361", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html"}, {"name": "FEDORA-2007-716", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00084.html"}, {"name": "USN-502-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-502-1"}, {"name": "konqueror-data-spoofing(35829)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35829"}, {"name": "ADV-2007-2807", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2807"}, {"name": "26351", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26351"}, {"name": "26690", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26690"}, {"name": "1018579", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1018579"}, {"name": "27089", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27089"}, {"name": "26612", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26612"}, {"name": "27096", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27096"}, {"name": "26720", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26720"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.rpath.com/browse/RPL-1615"}, {"name": "MDKSA-2007:176", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:176"}, {"name": "20070806 Konqueror: URL address bar spoofing vulnerabilities", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065101.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kde.org/info/security/advisory-20070816-1.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4225", "datePublished": "2007-08-08T21:00:00", "dateReserved": "2007-08-08T00:00:00", "dateUpdated": "2024-08-07T14:46:39.372Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kde:konqueror:3.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "8887E497-7174-4D9B-84BA-069D9F4D203E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion."}, {"lang": "es", "value": "Vulnerabilidad de truncado visual en KDE Konqueror 3.5.7 permite a atacantes remotos falsificar la barra de direcciones URL mediante un URI http con una gran cantidad de espacios en blanco en la parte user/password."}], "id": "CVE-2007-4225", "lastModified": "2024-11-21T00:35:05.180", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-08-08T21:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065101.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26351"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26612"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26690"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26720"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/27089"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/27096"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2982"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1018579"}, {"source": "cve@mitre.org", "url": "http://www.kde.org/info/security/advisory-20070816-1.txt"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:176"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-502-1"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2807"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35829"}, {"source": "cve@mitre.org", "url": "https://issues.rpath.com/browse/RPL-1615"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00084.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065101.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26351"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26612"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26690"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26720"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27089"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27096"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2982"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1018579"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.kde.org/info/security/advisory-20070816-1.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:176"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-502-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2807"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35829"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-1615"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00084.html"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Not vulnerable. Not vulnerable. These issues did not affect the versions of konqueror as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.", "lastModified": "2007-08-09T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}