Vulnerability Details CVE-2004-1145
Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.067
EPSS Ranking 90.8%
CVSS Severity
CVSS v2 Score 5.0
References
- http://marc.info/?l=bugtraq&m=110356286722875&w=2
- http://secunia.com/advisories/13586
- http://www.gentoo.org/security/en/glsa/glsa-200501-16.xml
- http://www.heise.de/security/dienste/browsercheck/tests/java.shtml
- http://www.kb.cert.org/vuls/id/420222
- http://www.kde.org/info/security/advisory-20041220-1.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:154
- http://www.redhat.com/support/errata/RHSA-2005-065.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18596
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10173
- http://marc.info/?l=bugtraq&m=110356286722875&w=2
- http://secunia.com/advisories/13586
- http://www.gentoo.org/security/en/glsa/glsa-200501-16.xml
- http://www.heise.de/security/dienste/browsercheck/tests/java.shtml
- http://www.kb.cert.org/vuls/id/420222
- http://www.kde.org/info/security/advisory-20041220-1.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:154
- http://www.redhat.com/support/errata/RHSA-2005-065.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18596
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10173
Products affected by CVE-2004-1145
-
cpe:2.3:a:ethereal_group:ethereal:0.10
-
cpe:2.3:a:ethereal_group:ethereal:0.10.1
-
cpe:2.3:a:ethereal_group:ethereal:0.10.2
-
cpe:2.3:a:ethereal_group:ethereal:0.10.3
-
cpe:2.3:a:ethereal_group:ethereal:0.10.4
-
cpe:2.3:a:ethereal_group:ethereal:0.10.5
-
cpe:2.3:a:ethereal_group:ethereal:0.10.6
-
cpe:2.3:a:ethereal_group:ethereal:0.10.7
-
cpe:2.3:a:ethereal_group:ethereal:0.9
-
cpe:2.3:a:ethereal_group:ethereal:0.9.1
-
cpe:2.3:a:ethereal_group:ethereal:0.9.10
-
cpe:2.3:a:ethereal_group:ethereal:0.9.11
-
cpe:2.3:a:ethereal_group:ethereal:0.9.12
-
cpe:2.3:a:ethereal_group:ethereal:0.9.13
-
cpe:2.3:a:ethereal_group:ethereal:0.9.14
-
cpe:2.3:a:ethereal_group:ethereal:0.9.15
-
cpe:2.3:a:ethereal_group:ethereal:0.9.16
-
cpe:2.3:a:ethereal_group:ethereal:0.9.2
-
cpe:2.3:a:ethereal_group:ethereal:0.9.3
-
cpe:2.3:a:ethereal_group:ethereal:0.9.4
-
cpe:2.3:a:ethereal_group:ethereal:0.9.5
-
cpe:2.3:a:ethereal_group:ethereal:0.9.6
-
cpe:2.3:a:ethereal_group:ethereal:0.9.7
-
cpe:2.3:a:ethereal_group:ethereal:0.9.8
-
cpe:2.3:a:ethereal_group:ethereal:0.9.9
-
cpe:2.3:a:sgi:propack:3.0
-
cpe:2.3:o:altlinux:alt_linux:2.3
-
cpe:2.3:o:conectiva:linux:10.0
-
cpe:2.3:o:conectiva:linux:9.0
-
cpe:2.3:o:debian:debian_linux:3.0
-
cpe:2.3:o:redhat:enterprise_linux:2.1
-
cpe:2.3:o:redhat:enterprise_linux:3.0
-
cpe:2.3:o:redhat:enterprise_linux_desktop:3.0
-
cpe:2.3:o:redhat:linux_advanced_workstation:2.1
-
cpe:2.3:o:suse:suse_linux:8.0
-
cpe:2.3:o:suse:suse_linux:8.1
-
cpe:2.3:o:suse:suse_linux:8.2
-
cpe:2.3:o:suse:suse_linux:9.0
-
cpe:2.3:o:suse:suse_linux:9.1
-
cpe:2.3:o:suse:suse_linux:9.2