CVE-2017-6410

Published: 02 March 2017

kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package    Release                            Status
kde4libs   Upstream                           Needed
           Ubuntu 16.04 ESM (Xenial Xerus)    Released (4:4.14.16-0ubuntu3.1)
           Ubuntu 14.04 ESM (Trusty Tahr)     Released (4:4.13.3-0ubuntu0.4)
kio        Upstream                           Needed
           Ubuntu 16.04 ESM (Xenial Xerus)    Released (5.18.0-0ubuntu1.1)
           Ubuntu 14.04 ESM (Trusty Tahr)     Does not exist