KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the user:password@host form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Konqueror | Kde | 2.1.1 (including) | 2.1.1 (including) |
| Konqueror | Kde | 2.2.2 (including) | 2.2.2 (including) |
| Konqueror | Kde | 3.0 (including) | 3.0 (including) |
| Konqueror | Kde | 3.0.1 (including) | 3.0.1 (including) |
| Konqueror | Kde | 3.0.2 (including) | 3.0.2 (including) |
| Konqueror | Kde | 3.0.3 (including) | 3.0.3 (including) |
| Konqueror | Kde | 3.0.5 (including) | 3.0.5 (including) |
| Konqueror | Kde | 3.1 (including) | 3.1 (including) |
| Konqueror | Kde | 3.1.1 (including) | 3.1.1 (including) |
| Konqueror | Kde | 3.1.2 (including) | 3.1.2 (including) |
| Konqueror_embedded | Kde | 0.1 (including) | 0.1 (including) |
| Analog_real-time_synthesizer | Redhat | 2.1.1-5 (including) | 2.1.1-5 (including) |
| Analog_real-time_synthesizer | Redhat | 2.2-11 (including) | 2.2-11 (including) |
| Kdebase | Redhat | 3.0.3-13 (including) | 3.0.3-13 (including) |
| Kdelibs | Redhat | 2.1.1-5 (including) | 2.1.1-5 (including) |
| Kdelibs | Redhat | 2.2-11 (including) | 2.2-11 (including) |
| Kdelibs | Redhat | 3.0.0-10 (including) | 3.0.0-10 (including) |
| Kdelibs | Redhat | 3.1-10 (including) | 3.1-10 (including) |
| Kdelibs_devel | Redhat | 2.1.1-5 (including) | 2.1.1-5 (including) |
| Kdelibs_devel | Redhat | 2.2-11 (including) | 2.2-11 (including) |
| Kdelibs_devel | Redhat | 3.0.0-10 (including) | 3.0.0-10 (including) |
| Kdelibs_devel | Redhat | 3.0.3-8 (including) | 3.0.3-8 (including) |
| Kdelibs_devel | Redhat | 3.1-10 (including) | 3.1-10 (including) |
| Kdelibs_sound | Redhat | 2.1.1-5 (including) | 2.1.1-5 (including) |
| Kdelibs_sound | Redhat | 2.2-11 (including) | 2.2-11 (including) |
| Kdelibs_sound_devel | Redhat | 2.1.1-5 (including) | 2.1.1-5 (including) |
| Kdelibs_sound_devel | Redhat | 2.2-11 (including) | 2.2-11 (including) |