CVE-2007-4225 - Vulnerability Details - OpenCVE

Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.01804.

Key SSVC decision points have not yet been added.

Vendors	Products
Kde	Konqueror

Configuration 1 [-]

cpe:2.3:a:kde:konqueror:3.5.7:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2007-4208	Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion.
Ubuntu USN	USN-502-1	KDE vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065101.html
http://secunia.com/advisories/26351
http://secunia.com/advisories/26612
http://secunia.com/advisories/26690
http://secunia.com/advisories/26720
http://secunia.com/advisories/27089
http://secunia.com/advisories/27096
http://securityreason.com/securityalert/2982
http://securitytracker.com/id?1018579
http://www.kde.org/info/security/advisory-20070816-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2007:176
http://www.ubuntu.com/usn/usn-502-1
http://www.vupen.com/english/advisories/2007/2807
https://exchange.xforce.ibmcloud.com/vulnerabilities/35829
https://issues.rpath.com/browse/RPL-1615
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00084.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-08T21:00:00

Updated: 2024-08-07T14:46:39.372Z

Reserved: 2007-08-08T00:00:00

Link: CVE-2007-4225

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-08-08T21:17:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-4225

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-06T00:00:00", "descriptions": [{"lang": "en", "value": "Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "2982", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2982"}, {"name": "FEDORA-2007-2361", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html"}, {"name": "FEDORA-2007-716", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00084.html"}, {"name": "USN-502-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-502-1"}, {"name": "konqueror-data-spoofing(35829)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35829"}, {"name": "ADV-2007-2807", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2807"}, {"name": "26351", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26351"}, {"name": "26690", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26690"}, {"name": "1018579", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1018579"}, {"name": "27089", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27089"}, {"name": "26612", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26612"}, {"name": "27096", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27096"}, {"name": "26720", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26720"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-1615"}, {"name": "MDKSA-2007:176", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:176"}, {"name": "20070806 Konqueror: URL address bar spoofing vulnerabilities", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065101.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kde.org/info/security/advisory-20070816-1.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4225", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "2982", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2982"}, {"name": "FEDORA-2007-2361", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html"}, {"name": "FEDORA-2007-716", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00084.html"}, {"name": "USN-502-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-502-1"}, {"name": "konqueror-data-spoofing(35829)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35829"}, {"name": "ADV-2007-2807", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2807"}, {"name": "26351", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26351"}, {"name": "26690", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26690"}, {"name": "1018579", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018579"}, {"name": "27089", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27089"}, {"name": "26612", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26612"}, {"name": "27096", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27096"}, {"name": "26720", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26720"}, {"name": "https://issues.rpath.com/browse/RPL-1615", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1615"}, {"name": "MDKSA-2007:176", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:176"}, {"name": "20070806 Konqueror: URL address bar spoofing vulnerabilities", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065101.html"}, {"name": "http://www.kde.org/info/security/advisory-20070816-1.txt", "refsource": "CONFIRM", "url": "http://www.kde.org/info/security/advisory-20070816-1.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:46:39.372Z"}, "title": "CVE Program Container", "references": [{"name": "2982", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2982"}, {"name": "FEDORA-2007-2361", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html"}, {"name": "FEDORA-2007-716", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00084.html"}, {"name": "USN-502-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-502-1"}, {"name": "konqueror-data-spoofing(35829)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35829"}, {"name": "ADV-2007-2807", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/2807"}, {"name": "26351", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26351"}, {"name": "26690", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26690"}, {"name": "1018579", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1018579"}, {"name": "27089", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27089"}, {"name": "26612", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26612"}, {"name": "27096", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27096"}, {"name": "26720", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26720"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.rpath.com/browse/RPL-1615"}, {"name": "MDKSA-2007:176", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:176"}, {"name": "20070806 Konqueror: URL address bar spoofing vulnerabilities", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065101.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kde.org/info/security/advisory-20070816-1.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4225", "datePublished": "2007-08-08T21:00:00", "dateReserved": "2007-08-08T00:00:00", "dateUpdated": "2024-08-07T14:46:39.372Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kde:konqueror:3.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "8887E497-7174-4D9B-84BA-069D9F4D203E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion."}, {"lang": "es", "value": "Vulnerabilidad de truncado visual en KDE Konqueror 3.5.7 permite a atacantes remotos falsificar la barra de direcciones URL mediante un URI http con una gran cantidad de espacios en blanco en la parte user/password."}], "id": "CVE-2007-4225", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-08-08T21:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065101.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26351"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26612"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26690"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26720"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/27089"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/27096"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2982"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1018579"}, {"source": "cve@mitre.org", "url": "http://www.kde.org/info/security/advisory-20070816-1.txt"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:176"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-502-1"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2807"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35829"}, {"source": "cve@mitre.org", "url": "https://issues.rpath.com/browse/RPL-1615"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00084.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065101.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26351"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26612"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26690"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/26720"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27089"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27096"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2982"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1018579"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.kde.org/info/security/advisory-20070816-1.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:176"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-502-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2807"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35829"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.rpath.com/browse/RPL-1615"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00084.html"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Not vulnerable. Not vulnerable. These issues did not affect the versions of konqueror as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.", "lastModified": "2007-08-09T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}