kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2017-03-02T06:00:00
Updated: 2024-08-05T15:25:49.302Z
Reserved: 2017-03-01T00:00:00
Link: CVE-2017-6410
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-03-02T06:59:01.183
Modified: 2024-11-21T03:29:42.773
Link: CVE-2017-6410
Redhat