English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.58566
Category:Mandrake Local Security Checks
Title:Mandrake Security Advisory MDKSA-2007:176 (konqueror)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to konqueror
announced via advisory MDKSA-2007:176.

konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers
to spoof the data: URI scheme in the address bar via a long URI with
trailing whitespace, which prevents the beginning of the URI from
being displayed. (CVE-2007-3820)

KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address
bar by calling setInterval with a small interval and changing the
window.location property. (CVE-2007-4224)

Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote
attackers to spoof the URL address bar via an http URI with a large
amount of whitespace in the user/password portion. (CVE-2007-4225)

Updated packages fix these issues.

Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:176

Risk factor : High

CVSS Score:
6.8

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-3820
BugTraq ID: 24912
http://www.securityfocus.com/bid/24912
BugTraq ID: 24918
http://www.securityfocus.com/bid/24918
Bugtraq: 20070713 Opera/Konqueror: data: URL scheme address bar spoofing (Google Search)
http://www.securityfocus.com/archive/1/473703/100/0/threaded
Bugtraq: 20070714 Re: Opera/Konqueror: data: URL scheme address bar spoofing (Google Search)
http://www.securityfocus.com/archive/1/473712/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00085.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:176
http://alt.swiecki.net/oper1.html
http://osvdb.org/37242
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10345
http://www.redhat.com/support/errata/RHSA-2007-0905.html
http://www.redhat.com/support/errata/RHSA-2007-0909.html
http://www.securitytracker.com/id?1018396
http://secunia.com/advisories/26091
http://secunia.com/advisories/26612
http://secunia.com/advisories/26720
http://secunia.com/advisories/27089
http://secunia.com/advisories/27090
http://secunia.com/advisories/27096
http://secunia.com/advisories/27106
http://secunia.com/advisories/27108
http://securityreason.com/securityalert/2905
http://www.ubuntu.com/usn/usn-502-1
http://www.vupen.com/english/advisories/2007/2538
XForce ISS Database: opera-konqueror-addressbar-spoofing(35430)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35430
Common Vulnerability Exposure (CVE) ID: CVE-2007-4224
BugTraq ID: 25219
http://www.securityfocus.com/bid/25219
Bugtraq: 20070806 Konqueror: URL address bar spoofing vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/475689/100/0/threaded
Bugtraq: 20070806 Re: Konqueror: URL address bar spoofing vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/475731/100/0/threaded
Bugtraq: 20070806 Re: Konqueror: URL address bar spoofingvulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/475730/100/0/threaded
Bugtraq: 20070807 Re: [Full-disclosure] Konqueror: URL address bar spoofing vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/475763/100/0/threaded
http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065101.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9879
http://securitytracker.com/id?1018579
http://secunia.com/advisories/26351
http://secunia.com/advisories/26690
http://secunia.com/advisories/27271
http://securityreason.com/securityalert/2982
SuSE Security Announcement: SUSE-SR:2007:021 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
http://www.vupen.com/english/advisories/2007/2807
XForce ISS Database: konqueror-setinterval-spoofing(35828)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35828
Common Vulnerability Exposure (CVE) ID: CVE-2007-4225
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00084.html
XForce ISS Database: konqueror-data-spoofing(35829)
https://exchange.xforce.ibmcloud.com/vulnerabilities/35829
CopyrightCopyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.