CVE-2007-3820 | Vulnerability Database | Aqua Security

konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.

Affected Software

Name	Vendor	Start Version	End Version
Konqueror	Kde	3.5.7 (including)	3.5.7 (including)
Red Hat Enterprise Linux 4	RedHat	kdebase-6:3.3.1-6.el4	*
Red Hat Enterprise Linux 4	RedHat	kdelibs-6:3.3.1-9.el4	*
Red Hat Enterprise Linux 5	RedHat	kdebase-6:3.5.4-15.el5	*
Red Hat Enterprise Linux 5	RedHat	kdelibs-6:3.5.4-13.el5	*
Kdebase	Ubuntu	dapper	*
Kdebase	Ubuntu	devel	*
Kdebase	Ubuntu	edgy	*
Kdebase	Ubuntu	feisty	*
Kdebase	Ubuntu	upstream	*

References

http://alt.swiecki.net/oper1.html
http://osvdb.org/37242
http://secunia.com/advisories/26091
http://secunia.com/advisories/26612
http://secunia.com/advisories/26720
http://secunia.com/advisories/27089
http://secunia.com/advisories/27090
http://secunia.com/advisories/27096
http://secunia.com/advisories/27106
http://secunia.com/advisories/27108
http://securityreason.com/securityalert/2905
http://www.kde.org/info/security/advisory-20070816-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2007:176
http://www.redhat.com/support/errata/RHSA-2007-0905.html
http://www.redhat.com/support/errata/RHSA-2007-0909.html
http://www.securityfocus.com/archive/1/473703/100/0/threaded
http://www.securityfocus.com/archive/1/473712/100/0/threaded
http://www.securityfocus.com/bid/24912
http://www.securityfocus.com/bid/24918
http://www.securitytracker.com/id?1018396
http://www.ubuntu.com/usn/usn-502-1
http://www.vupen.com/english/advisories/2007/2538
https://exchange.xforce.ibmcloud.com/vulnerabilities/35430
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10345
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00085.html
http://alt.swiecki.net/oper1.html
http://osvdb.org/37242
http://secunia.com/advisories/26091
http://secunia.com/advisories/26612
http://secunia.com/advisories/26720
http://secunia.com/advisories/27089
http://secunia.com/advisories/27090
http://secunia.com/advisories/27096
http://secunia.com/advisories/27106
http://secunia.com/advisories/27108
http://securityreason.com/securityalert/2905
http://www.kde.org/info/security/advisory-20070816-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2007:176
http://www.redhat.com/support/errata/RHSA-2007-0905.html
http://www.redhat.com/support/errata/RHSA-2007-0909.html
http://www.securityfocus.com/archive/1/473703/100/0/threaded
http://www.securityfocus.com/archive/1/473712/100/0/threaded
http://www.securityfocus.com/bid/24912
http://www.securityfocus.com/bid/24918
http://www.securitytracker.com/id?1018396
http://www.ubuntu.com/usn/usn-502-1
http://www.vupen.com/english/advisories/2007/2538
https://exchange.xforce.ibmcloud.com/vulnerabilities/35430
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10345
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00085.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-3820
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html