Vulnerability CVE-2004-1145
Published: 2004-12-15   Modified: 2012-02-12

Description:
Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files.

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
SUSE -> Suse linux 
SGI -> Propack 
Redhat -> Enterprise linux 
Redhat -> Enterprise linux desktop 
Redhat -> Linux advanced workstation 
Ethereal group -> Ethereal 
Debian -> Debian linux 
Conectiva -> Linux 
Altlinux -> Alt linux 

 References:
http://marc.info/?l=bugtraq&m=110356286722875&w=2
http://www.gentoo.org/security/en/glsa/glsa-200501-16.xml
http://www.heise.de/security/dienste/browsercheck/tests/java.shtml
http://www.kb.cert.org/vuls/id/420222
http://www.kde.org/info/security/advisory-20041220-1.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2004:154
http://www.redhat.com/support/errata/RHSA-2005-065.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/18596
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10173
Copyright 2024, cxsecurity.com

 

Back to Top