CVE-2004-1145

critical

Description

Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10173

https://exchange.xforce.ibmcloud.com/vulnerabilities/18596

http://www.redhat.com/support/errata/RHSA-2005-065.html

http://www.mandriva.com/security/advisories?name=MDKSA-2004:154

http://www.kde.org/info/security/advisory-20041220-1.txt

http://www.kb.cert.org/vuls/id/420222

http://www.heise.de/security/dienste/browsercheck/tests/java.shtml

http://www.gentoo.org/security/en/glsa/glsa-200501-16.xml

http://secunia.com/advisories/13586

http://marc.info/?l=bugtraq&m=110356286722875&w=2

Details

Source: Mitre, NVD

Published: 2004-12-15

Updated: 2017-10-11

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical