Vulnerability Description
Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ethereal Group | Ethereal | 0.9 |
| Sgi | Propack | 3.0 |
| Conectiva | Linux | 9.0 |
| Altlinux | Alt Linux | 2.3 |
| Debian | Debian Linux | 3.0 |
| Redhat | Enterprise Linux | 2.1 |
| Redhat | Enterprise Linux Desktop | 3.0 |
| Redhat | Linux Advanced Workstation | 2.1 |
| Suse | Suse Linux | 8.0 |
References
- http://marc.info/?l=bugtraq&m=110356286722875&w=2
- http://secunia.com/advisories/13586PatchVendor Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200501-16.xmlPatchVendor Advisory
- http://www.heise.de/security/dienste/browsercheck/tests/java.shtmlVendor Advisory
- http://www.kb.cert.org/vuls/id/420222PatchThird Party AdvisoryUS Government Resource
- http://www.kde.org/info/security/advisory-20041220-1.txtPatchVendor Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:154
- http://www.redhat.com/support/errata/RHSA-2005-065.htmlPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18596
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://marc.info/?l=bugtraq&m=110356286722875&w=2
- http://secunia.com/advisories/13586PatchVendor Advisory
- http://www.gentoo.org/security/en/glsa/glsa-200501-16.xmlPatchVendor Advisory
- http://www.heise.de/security/dienste/browsercheck/tests/java.shtmlVendor Advisory
- http://www.kb.cert.org/vuls/id/420222PatchThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2004-1145?
CVE-2004-1145 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java ...
How severe is CVE-2004-1145?
CVE-2004-1145 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1145?
Check the references section above for vendor advisories and patch information. Affected products include: Ethereal Group Ethereal, Sgi Propack, Conectiva Linux, Altlinux Alt Linux, Debian Debian Linux.