Search for vulnerabilities
Vulnerability details: VCID-9243-ckwg-aaap
Vulnerability ID VCID-9243-ckwg-aaap
Aliases CVE-2017-6410
Summary kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including Basic Authentication credentials, a query string, or PATH_INFO), which allows remote attackers to obtain sensitive information via a crafted PAC file.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-319 Cleartext Transmission of Sensitive Information
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6410.html
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6410.json
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00125 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00315 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00411 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00411 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00411 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
epss 0.00411 https://api.first.org/data/v1/epss?cve=CVE-2017-6410
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1427808
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6410
generic_textual High https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8422
cvssv2 5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2017-6410
cvssv3 5.5 https://nvd.nist.gov/vuln/detail/CVE-2017-6410
generic_textual Medium https://ubuntu.com/security/notices/USN-3223-1
generic_textual Medium https://www.kde.org/info/security/advisory-20170228-1.txt
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-6410.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6410.json
https://api.first.org/data/v1/epss?cve=CVE-2017-6410
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6410
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8422
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://ubuntu.com/security/notices/USN-3223-1
https://www.kde.org/info/security/advisory-20170228-1.txt
http://www.debian.org/security/2017/dsa-3849
http://www.securityfocus.com/bid/96515
1427808 https://bugzilla.redhat.com/show_bug.cgi?id=1427808
856889 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856889
cpe:2.3:a:kde:kdelibs:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kdelibs:*:*:*:*:*:*:*:*
cpe:2.3:a:kde:kio:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:kio:*:*:*:*:*:*:*:*
CVE-2017-6410 https://nvd.nist.gov/vuln/detail/CVE-2017-6410
USN-3223-1 https://usn.ubuntu.com/3223-1/
No exploits are available.
Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6410.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2017-6410
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2017-6410
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.24575
EPSS Score 0.00098
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.