CVE-2004-1145

Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.heise.de/security/dienste/browsercheck/tests/java.shtml	Vendor Advisory
http://www.kde.org/info/security/advisory-20041220-1.txt	Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200501-16.xml	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-065.html	Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/420222	Patch Third Party Advisory US Government Resource
http://secunia.com/advisories/13586	Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2004:154
http://marc.info/?l=bugtraq&m=110356286722875&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/18596
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10173

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ethereal_group:ethereal:0.10.1:::::::*
	cpe:2.3:a:ethereal_group:ethereal:0.10.2:::::::*
	cpe:2.3:a:ethereal_group:ethereal:0.9.1:::::::*
	cpe:2.3:a:ethereal_group:ethereal:0.9.10:::::::*
	cpe:2.3:a:ethereal_group:ethereal:0.9.3:::::::*
	cpe:2.3:a:ethereal_group:ethereal:0.9.4:::::::*
	cpe:2.3:o:conectiva:linux:10.0:::::::*
	cpe:2.3:o:conectiva:linux:9.0:::::::*
	cpe:2.3:a:ethereal_group:ethereal:0.10:::::::*
	cpe:2.3:a:ethereal_group:ethereal:0.10.7:::::::*
	cpe:2.3:a:ethereal_group:ethereal:0.9:::::::*
	cpe:2.3:a:ethereal_group:ethereal:0.9.2:::::::*
	cpe:2.3:a:ethereal_group:ethereal:0.9.6:::::::*
	cpe:2.3:a:sgi:propack:3.0:::::::*
	cpe:2.3:a:ethereal_group:ethereal:0.9.5:::::::*
	cpe:2.3:a:ethereal_group:ethereal:0.9.14:::::::*
	cpe:2.3:a:ethereal_group:ethereal:0.9.15:::::::*
	cpe:2.3:a:ethereal_group:ethereal:0.9.8:::::::*
	cpe:2.3:a:ethereal_group:ethereal:0.10.3:::::::*
	cpe:2.3:a:ethereal_group:ethereal:0.10.4:::::::*
	cpe:2.3:a:ethereal_group:ethereal:0.9.16:::::::*
	cpe:2.3:a:ethereal_group:ethereal:0.10.5:::::::*
	cpe:2.3:a:ethereal_group:ethereal:0.9.13:::::::*
	cpe:2.3:a:ethereal_group:ethereal:0.9.9:::::::*
	cpe:2.3:a:ethereal_group:ethereal:0.9.11:::::::*
	cpe:2.3:a:ethereal_group:ethereal:0.9.7:::::::*
	cpe:2.3:a:ethereal_group:ethereal:0.10.6:::::::*
	cpe:2.3:a:ethereal_group:ethereal:0.9.12:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:3.0::ia-32:::::
	cpe:2.3:o:debian:debian_linux:3.0::ia-64:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server_ia64:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server:::::
	cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:::::::*
	cpe:2.3:o:redhat:linux_advanced_workstation:2.1::ia64:::::
	cpe:2.3:o:suse:suse_linux:9.0::x86_64:::::
	cpe:2.3:o:suse:suse_linux:9.1:::::::*
	cpe:2.3:o:suse:suse_linux:9.2:::::::*
	cpe:2.3:o:debian:debian_linux:3.0::arm:::::
	cpe:2.3:o:debian:debian_linux:3.0::hppa:::::
	cpe:2.3:o:suse:suse_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:3.0::m68k:::::
	cpe:2.3:o:suse:suse_linux:8.2:::::::*
	cpe:2.3:o:altlinux:alt_linux:2.3::compact:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::workstation_server:::::
	cpe:2.3:o:debian:debian_linux:3.0::mips:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server:::::
	cpe:2.3:o:debian:debian_linux:3.0::mipsel:::::
	cpe:2.3:o:suse:suse_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:3.0::sparc:::::
	cpe:2.3:o:debian:debian_linux:3.0::ppc:::::
	cpe:2.3:o:redhat:linux_advanced_workstation:2.1::itanium_processor:::::
	cpe:2.3:o:suse:suse_linux:8.0::i386:::::
	cpe:2.3:o:altlinux:alt_linux:2.3::junior:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::enterprise_server:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::workstation:::::
	cpe:2.3:o:debian:debian_linux:3.0::s-390:::::
	cpe:2.3:o:redhat:enterprise_linux:2.1::workstation_ia64:::::
	cpe:2.3:o:debian:debian_linux:3.0::alpha:::::
	cpe:2.3:o:suse:suse_linux:8.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server_ia64:::::
	cpe:2.3:o:redhat:enterprise_linux:3.0::advanced_server:::::

Information

Published : 2004-12-14 21:00

Updated : 2017-10-10 18:29

NVD link : CVE-2004-1145

Mitre link : CVE-2004-1145

JSON object : View

CWE

NVD-CWE-Other

Products Affected

sgi

propack

redhat

enterprise_linux_desktop
enterprise_linux
linux_advanced_workstation

altlinux

alt_linux

debian

debian_linux

suse

suse_linux

ethereal_group

ethereal

conectiva

linux

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.heise.de/security/dienste/browsercheck/tests/java.shtml", "name": "http://www.heise.de/security/dienste/browsercheck/tests/java.shtml", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.kde.org/info/security/advisory-20041220-1.txt", "name": "http://www.kde.org/info/security/advisory-20041220-1.txt", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-16.xml", "name": "GLSA-200501-16", "tags": ["Patch", "Vendor Advisory"], "refsource": "GENTOO"}, {"url": "http://www.redhat.com/support/errata/RHSA-2005-065.html", "name": "RHSA-2005:065", "tags": ["Patch", "Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://www.kb.cert.org/vuls/id/420222", "name": "VU#420222", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://secunia.com/advisories/13586", "name": "13586", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:154", "name": "MDKSA-2004:154", "tags": [], "refsource": "MANDRAKE"}, {"url": "http://marc.info/?l=bugtraq&m=110356286722875&w=2", "name": "20041220 KDE Security Advisory: Konqueror Java Vulnerability", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18596", "name": "konqueror-sandbox-restriction-bypass(18596)", "tags": [], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10173", "name": "oval:org.mitre.oval:def:10173", "tags": [], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-1145", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2004-12-15T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ethereal_group:ethereal:0.10.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ethereal_group:ethereal:0.10.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ethereal_group:ethereal:0.9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ethereal_group:ethereal:0.9.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ethereal_group:ethereal:0.9.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ethereal_group:ethereal:0.9.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ethereal_group:ethereal:0.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ethereal_group:ethereal:0.10.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ethereal_group:ethereal:0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ethereal_group:ethereal:0.9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ethereal_group:ethereal:0.9.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ethereal_group:ethereal:0.9.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ethereal_group:ethereal:0.9.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ethereal_group:ethereal:0.9.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ethereal_group:ethereal:0.9.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ethereal_group:ethereal:0.10.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ethereal_group:ethereal:0.10.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ethereal_group:ethereal:0.9.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ethereal_group:ethereal:0.10.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ethereal_group:ethereal:0.9.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ethereal_group:ethereal:0.9.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ethereal_group:ethereal:0.9.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ethereal_group:ethereal:0.9.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ethereal_group:ethereal:0.10.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ethereal_group:ethereal:0.9.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:suse_linux:9.0:*:x86_64:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:suse_linux:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:altlinux:alt_linux:2.3:*:compact:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:suse_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:suse_linux:8.0:*:i386:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:altlinux:alt_linux:2.3:*:junior:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-11T01:29Z"}

5.0 /10