CVE-2007-0537
Summary
| CVE | CVE-2007-0537 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-01-29 16:28:00 UTC |
| Updated | 2018-10-16 16:33:00 UTC |
| Description | The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478. |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Kde | Konqueror | 3.5.5 | All | All | All |
| Application | Kde | Konqueror | 3.5.5 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Webmail - OVH | VUPEN | www.vupen.com | Vendor Advisory |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Gentoo Linux Documentation -- KHTML: Cross-site scripting (XSS) vulnerability | GENTOO | www.gentoo.org | |
| KDE Konqueror KHTML Library Title Cross Site Scripting Vulnerability | BID | www.securityfocus.com | |
| Konqueror HTML Parsing Weakness - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| Support | REDHAT | www.redhat.com | |
| tags on websites that allow user supplied data to be embedded inside the page title and do not properly escape the text. 3. Impact: On affected websites it is possible to conduct XSS attacks and steal authorisation data. 4. Solution: Source code patches have been made available which fix these vulnerabilities. Contact your OS vendor / binary package provider for information about how to obtain updated binary packages. 5. Patch: Patch f | CONFIRM | www.kde.org | |
| Advisories - Mandriva Linux | MANDRIVA | www.mandriva.com | |
| Mandriva update for kdelibs - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| Advisories \| Mandriva | MANDRIVA | www.mandriva.com | |
| issues.rpath.com/browse/RPL-1117 | CONFIRM | issues.rpath.com | |
| SecurityTracker.com Archives - KDE Konqueror Input Validation Hole in Processing HTML Title Tags Permits Cross-Site Scripting Attacks | SECTRACK | securitytracker.com | |
| Security Announcement | SUSE | www.novell.com | |
| Red Hat update for kdelibs - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| 32975 | OSVDB | osvdb.org | |
| Ubuntu update for kdelibs - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| SUSE Update for Multiple Packages - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| USN-420-1: KDE library vulnerability \| Ubuntu | UBUNTU | www.ubuntu.com | |
| Gentoo update for kdelibs - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| rPath update for kdelibs - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Red Hat | 2007-02-15 | Joshua Bressers | Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=225414 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ |
There are currently no legacy QID mappings associated with this CVE.