Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files.
References
Link | Resource |
---|---|
http://www.heise.de/security/dienste/browsercheck/tests/java.shtml | Vendor Advisory |
http://www.kde.org/info/security/advisory-20041220-1.txt | Patch Vendor Advisory |
http://www.gentoo.org/security/en/glsa/glsa-200501-16.xml | Patch Vendor Advisory |
http://www.redhat.com/support/errata/RHSA-2005-065.html | Patch Vendor Advisory |
http://www.kb.cert.org/vuls/id/420222 | Patch Third Party Advisory US Government Resource |
http://secunia.com/advisories/13586 | Patch Vendor Advisory |
http://www.mandriva.com/security/advisories?name=MDKSA-2004:154 | |
http://marc.info/?l=bugtraq&m=110356286722875&w=2 | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/18596 | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10173 | |
Information
Published : 2004-12-14 21:00
Updated : 2017-10-10 18:29
NVD link : CVE-2004-1145
Mitre link : CVE-2004-1145
Products Affected
sgi
- propack
redhat
- enterprise_linux_desktop
- enterprise_linux
- linux_advanced_workstation
altlinux
- alt_linux
debian
- debian_linux
suse
- suse_linux
ethereal_group
- ethereal
conectiva
- linux